Description
Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
Published: 2026-05-22
Score: 6.7 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a system administrator to read user credentials that VxRail Manager stores in plain text. An attacker who learns legitimate usernames and passwords this way could gain unauthorized access to the application with the privileges of the compromised account. The weakness is a plain-text password storage issue, classified as CWE-532.

Affected Systems

Dell VxRail, all versions earlier than 7.0.200. The affected component is VxRail Manager.

Risk and Exploitability

The CVSS score of 6.7 reflects a moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires the attacker to have sys‑administrator privileges on the VxRail system; thus, compromise of a privileged local account can expose credentials and allow escalation within the application. No remote code execution or denial of service is described. Given the moderate CVSS score and the need for elevated local access, the risk is considered moderate but significant for environments that rely on credential integrity.

Generated by OpenCVE AI on May 22, 2026 at 15:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell VxRail to version 7.0.200 or later to eliminate the plain‑text credential storage flaw.
  • Verify that the VxRail Manager no longer stores passwords in plain text and that all stored credentials are encrypted.
  • Revoke any credentials that may have been exposed, reset passwords for affected accounts, and enforce a policy of strong, unique passwords.

Advisories

No advisories yet.

History

Fri, 22 May 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 22 May 2026 16:00:00 +0000

Type | Values Removed | Values Added
Title | | Plain-text Password Storage Vulnerability in Dell VxRail Manager Exposes User Credentials

Fri, 22 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
Weaknesses | | CWE-532
References | |
Metrics | | cvssV3_1 {'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-23T03:55:54.259Z

Reserved: 2021-01-04T15:38:42.768Z

Link: CVE-2021-21508

Vulnrichment

Updated: 2026-05-22T16:04:35.755Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T15:45:16Z

Weaknesses