Impact
Dell PowerFlex Manager versions prior to 5.1.0.1 contain an inclusion of functionality from an untrusted control sphere that allows an unauthenticated attacker with remote access to potentially disclose information. This flaw is classified as CWE-829 and represents a data‑related weakness that can compromise confidentiality by leaking data from the system.
Affected Systems
The affected system is Dell PowerFlex Manager, specifically all releases before version 5.1.0.1, running on Dell PowerFlex infrastructure; devices operating these management components are vulnerable.
Risk and Exploitability
The CVSS score of 7.5 reflects a high impact, while the EPSS score of less than one percent indicates a very low probability of exploitation currently; Dell has not listed this vulnerability in the CISA KEV catalog; exploitation would require remote, unauthenticated access to the manager’s control sphere, and the attacker could send specially crafted requests to trigger the vulnerability and extract data.
OpenCVE Enrichment