2.7
CVE-2022-34452
- EPSS 0.44%
- Veröffentlicht 10.02.2023 10:15:10
- Zuletzt bearbeitet 21.11.2024 07:09:35
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Powerpath Management Appliance Version >= 3.0 < 3.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.346 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
|
| security_alert@emc.com | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
|
CWE-598 Use of HTTP Request With Sensitive Query String
The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
https://www.dell.com/support/kbdoc/en-us/000205404/dsa-2022-283-powerpath-management-appliance-security-update-for-multiple-security-vulnerabilities