Impact
According to the updated description, Dell PowerFlex Manager prior to version 5.1.0.1 is vulnerable to an SQL injection flaw that occurs when special characters in SQL commands are not properly neutralised. A low‑privileged attacker with adjacent network access could exploit this flaw to execute malicious SQL statements, potentially leading to unauthorized data disclosure, data modification, or privilege escalation.
Affected Systems
Dell PowerFlex Manager, versions prior to 5.1.0.1, are affected by this SQL injection flaw.
Risk and Exploitability
The CVSS score of 5.7 indicates moderate severity, while the EPSS score of less than 1% reflects a very low probability of exploitation at present. The vulnerability is not mentioned in CISA’s KEV catalog, meaning no widespread exploitation is known. Attackers would need local network access to the management interface and only low‑level credentials to exploit the flaw.
OpenCVE Enrichment