6.5
CVE-2026-54468
- EPSS -
- Veröffentlicht 10.07.2026 12:17:23
- Zuletzt bearbeitet 10.07.2026 19:17:24
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerDell
≫
Produkt
Unisphere for PowerMax
Default Statusunaffected
Version
0
Version <
10.3.0.7 or later
Status
affected
Version
0
Version <
10.3.1.1 Patch 11360 or later
Status
affected
VulnDex Vulnerability Enrichment
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security_alert@emc.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://www.dell.com/support/kbdoc/en-us/000483543/dsa-2026-272-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtualappliance-dell-unisphere-360-dell-solutionsenabler-and-dell-solutionsenabler-virtualappliance-security-update-for-multiple-vulnerabilities