Headline
CVE-2022-34452: DSA-2022-283: PowerPath Management Appliance Security Update for Multiple Security Vulnerabilities
PowerPath Management Appliance with versions 3.3, 3.2, 3.1 & 3.0 contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs.
Vaikutus
High
Tiedot
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2022-34446
PowerPath Management Appliance with versions 3.3 and 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (such as, of role Monitoring) may potentially exploit this issue and gain access to sensitive information and modify the configuration.
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34447
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains operating system Command Injection vulnerability. An authenticated remote attacker with administrative privileges may potentially exploit the issue and perform commands on the system as the root user.
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34448
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated nonprivileged user may potentially exploit the issue and perform any privileged state-changing actions.
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-34449
PowerPath Management Appliance with versions 3.3 and 3.2* contains a hard-coded Cryptographic Keys vulnerability. Authenticated admin users may potentially exploit the issue that leads to view and modifying sensitive information that is stored in the application.
6.0
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVE-2022-34450
PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user may potentially exploit this issue and gain unrestricted control/code execution on the system as root.
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34451
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user may potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.
4.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVE-2022-34452
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user may potentially be able to exploit the issue and view sensitive information that is stored in the logs.
2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2022-34446
PowerPath Management Appliance with versions 3.3 and 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (such as, of role Monitoring) may potentially exploit this issue and gain access to sensitive information and modify the configuration.
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34447
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains operating system Command Injection vulnerability. An authenticated remote attacker with administrative privileges may potentially exploit the issue and perform commands on the system as the root user.
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34448
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated nonprivileged user may potentially exploit the issue and perform any privileged state-changing actions.
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-34449
PowerPath Management Appliance with versions 3.3 and 3.2* contains a hard-coded Cryptographic Keys vulnerability. Authenticated admin users may potentially exploit the issue that leads to view and modifying sensitive information that is stored in the application.
6.0
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVE-2022-34450
PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user may potentially exploit this issue and gain unrestricted control/code execution on the system as root.
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34451
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user may potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.
4.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVE-2022-34452
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user may potentially be able to exploit the issue and view sensitive information that is stored in the logs.
2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
CVEs Addressed
Product
Affected Versions
Updated Versions
Link to Update
CVE-2022-34447
PowerPath Management Appliance
3.3, 3.2*, 3.1 & 3.0*
3.4
https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers
CVE-2022-34448
CVE-2022-34451
CVE-2022-34452
CVE-2022-34446
PowerPath Management Appliance
3.3 & 3.2*
3.4
https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers
CVE-2022-34449
CVE-2022-34450
PowerPath Management Appliance
3.3
3.4
https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers
CVEs Addressed
Product
Affected Versions
Updated Versions
Link to Update
CVE-2022-34447
PowerPath Management Appliance
3.3, 3.2*, 3.1 & 3.0*
3.4
https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers
CVE-2022-34448
CVE-2022-34451
CVE-2022-34452
CVE-2022-34446
PowerPath Management Appliance
3.3 & 3.2*
3.4
https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers
CVE-2022-34449
CVE-2022-34450
PowerPath Management Appliance
3.3
3.4
https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers
Versiohistoria
Revision
Date
Description
1.0
2022-11-15
Initial Release
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
15 marrask. 2022
Related news
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.