Description
Dell Unisphere for PowerMax vApp, versions prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in the vApp.
Published: 2026-05-22
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an authorization bypass flaw in Dell Unisphere for PowerMax vApp that allows an attacker to gain privileged access to the Unisphere for VMAX application. By exploiting this weakness, an attacker could elevate privileges and perform administrative functions normally restricted to authorized users, potentially compromising the confidentiality, integrity, and availability of the VMAX storage environment. The weakness maps to CWE‑285, indicating that improper authorization checks exist within the application code.

Affected Systems

This flaw affects Dell Unisphere 360, Dell Unisphere for PowerMax, and Dell Unisphere for PowerMax Virtual Appliance. Any deployment running Unisphere for PowerMax vApp before version 10.0.0.2 is vulnerable. The affected system is typically a virtual appliance that hosts the Unisphere UI and backend processes and is used to manage VMAX storage arrays.

Risk and Exploitability

The CVSS score of 6.5 corresponds to Medium severity, and no EPSS data is available. The flaw is not listed in the CISA KEV catalog, which suggests no confirmed widespread exploitation yet. Based on the description, the attack vector is likely remote, as the Unisphere UI is accessed over a network. Exploitation would require the attacker to be able to reach the vApp, bypass authentication or authorization checks, and then perform administrative operations. Consequently, the risk is significant for organizations that expose the vApp to untrusted networks or do not enforce strict role‑based access controls.

Generated by OpenCVE AI on May 22, 2026 at 16:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Unisphere for PowerMax vApp to version 10.0.0.2 or later, ensuring the patch that eliminates the authorization bypass is applied.
  • Verify that all users authorized to access the vApp have the least‑privilege roles and that no privileged accounts are unnecessarily exposed.
  • Restrict network access to the vApp by permitting traffic only from approved management hosts, using firewall rules or a dedicated management VLAN to limit potential attackers’ reach.


Advisories

No advisories yet.

History

Fri, 22 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell unisphere 360
Dell unisphere For Powermax
Dell unisphere For Powermax Virtual Appliance
Vendors & Products Dell
Dell unisphere 360
Dell unisphere For Powermax
Dell unisphere For Powermax Virtual Appliance

Fri, 22 May 2026 16:45:00 +0000

Type Values Removed Values Added
Title Authorization Bypass in Dell Unisphere for PowerMax vApp

Fri, 22 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the  Unisphere for VMAX application running in vApp
Weaknesses CWE-285
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-22T18:31:21.633Z

Reserved: 2022-06-23T18:55:17.081Z

Link: CVE-2022-34363

Vulnrichment

Updated: 2026-05-22T18:31:18.451Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T18:00:12Z

Weaknesses