8

CVE-2021-36338

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.

Data is provided by the National Vulnerability Database (NVD)
DellSolutions Enabler Version < 9.1.0.18
DellSolutions Enabler Version >= 9.2.0.0 < 9.2.3.0
DellSolutions Enabler Virtual Appliance Version >= 9.2.0.0 < 9.2.3.0
DellUnisphere 360 Version < 9.1.0.29
DellUnisphere 360 Version >= 9.2.0.0 < 9.2.3.3
DellUnisphere For Powermax Version < 9.1.0.31
DellUnisphere For Powermax Version >= 9.2.0.0 < 9.2.3.4
DellUnisphere For Powermax Virtual Appliance Version >= 9.2.0.0 < 9.2.3.4
DellVasa Version < 9.1.0.723
DellVasa Version >= 9.2.0.0 < 9.2.3.0
DellPowermax Os Version5978
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.16% 0.375
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8 2.1 5.9
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5.2 5.1 6.4
AV:A/AC:L/Au:S/C:P/I:P/A:P
security_alert@emc.com 6.3 2.1 4.2
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CWE-565 Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

CWE-602 Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.