CVE-2022-34397 - OpenCVE

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Evasa Provider Virtual Appliance Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance

Configuration 1 [-]

OR	cpe:2.3:a:dell:evasa_provider_virtual_appliance::::::::
	cpe:2.3:a:dell:solutions_enabler_virtual_appliance::::::::
	cpe:2.3:a:dell:solutions_enabler_virtual_appliance:::::eem:::*
	cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance::::::::
	cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:::::eem:::*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2023-02-13T09:06:03.573Z

Updated: 2024-08-03T09:07:16.297Z

Reserved: 2022-06-23T18:55:17.096Z

Link: CVE-2022-34397

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-02-13T10:15:13.470

Modified: 2023-07-21T19:05:05.893

Link: CVE-2022-34397

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-34397", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2022-06-23T18:55:17.096Z", "datePublished": "2023-02-13T09:06:03.573Z", "dateUpdated": "2024-08-03T09:07:16.297Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Unisphere for PowerMax", "vendor": "Dell", "versions": [{"lessThan": "10.0.0.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2023-01-04T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.</span>\n\n"}], "value": "\nDell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-05-31T05:03:28.028Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:07:16.297Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:evasa_provider_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4691FFF-9A8A-4C46-A1D7-DFD8F01C1569", "versionEndExcluding": "9.2.4.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B8429AF-3AE4-4B5F-B5F8-79C6EAD7DC5A", "versionEndExcluding": "9.2.3.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:eem:*:*:*", "matchCriteriaId": "B47DD3E9-CBEB-4625-975E-BD9A3817E9BE", "versionEndExcluding": "9.2.4.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "74DE8B9F-60D9-4597-A477-4F73501C8C35", "versionEndExcluding": "9.2.3.22", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:eem:*:*:*", "matchCriteriaId": "F34932BB-8083-4380-B3DA-F5721B127F50", "versionEndExcluding": "9.2.4.26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nDell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.\n\n"}], "id": "CVE-2022-34397", "lastModified": "2023-07-21T19:05:05.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 4.7, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2023-02-13T10:15:13.470", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "security_alert@emc.com", "type": "Secondary"}]}