9.8
CVE-2025-43995
- EPSS 0.17%
- Veröffentlicht 24.10.2025 14:09:55
- Zuletzt bearbeitet 04.11.2025 14:43:05
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Storage Manager Version < 2020
Dell ≫ Storage Manager Version2020 Updater1
Dell ≫ Storage Manager Version2020 Updater1.10
Dell ≫ Storage Manager Version2020 Updater1.2
Dell ≫ Storage Manager Version2020 Updater1.20
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.383 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security_alert@emc.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.