Impact
The vulnerability is a Host Header Injection in Dell PowerFlex Manager in versions prior to 5.1.0.1 that allows an unauthenticated remote attacker to send a malicious Host header and trigger HTTP redirects to arbitrary URLs. This flaw can cause users to be redirected to attacker‑controlled sites. The flaw does not enable execution, data disclosure, or other direct impacts beyond the redirect effect.
Affected Systems
Dell PowerFlex Manager, versions prior to 5.1.0.1, is affected.
Risk and Exploitability
The CVSS score of 4.3 indicates moderate risk, while the EPSS of less than 1% suggests low exploitation probability. The issue is not listed in the CISA KEV catalog. Attack vector is remote and unauthenticated, requiring network access to the PowerFlex Manager interface. Exploitation would involve crafting an HTTP request with a malicious Host header to force the system to redirect users to malicious destinations.
OpenCVE Enrichment