Description
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
Published: 2026-06-17
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerFlex Manager contains an Improper Access Control weakness (CWE‑284). A low‑privileged attacker who obtains remote access to the management interface could exploit this flaw, causing the PowerFlex Manager to become unavailable to legitimate users.

Affected Systems

The vulnerability affects Dell PowerFlex Manager. Versions prior to 5.1.0.1 are impacted, as the description indicates.

Risk and Exploitability

The CVSS score of 4.3 indicates low overall severity, and the EPSS score of < 1 % reflects a very low probability of exploitation. The vulnerability is not catalogued in CISA’s KEV list. Based on the description, it is inferred that the attack vector requires remote access to the PowerFlex Manager, likely via its management API or console. With the low privileges required, successful exploitation would lead to a denial of service of the management service, limiting operational availability of the underlying storage system.

Generated by OpenCVE AI on June 25, 2026 at 17:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerFlex security update for versions prior to 5.1.0.1 as recommended by Dell's support site.
  • Limit remote management access to trusted networks and enforce strong authentication on the PowerFlex Manager interface.
  • Monitor the PowerFlex Manager service for unresponsive behavior and review logs for denied access attempts.

Generated by OpenCVE AI on June 25, 2026 at 17:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerflex
Vendors & Products Dell
Dell powerflex

Thu, 25 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Title Improper Access Control in Dell PowerFlex Manager Allows Remote Denial of Service

Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service. Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Thu, 18 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Title Improper Access Control in Dell PowerFlex Manager Allows Remote Denial of Service

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-25T13:01:49.812Z

Reserved: 2026-04-01T17:04:27.475Z

Link: CVE-2026-35162

cve-icon Vulnrichment

Updated: 2026-06-17T15:41:42.573Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:41:01Z

Weaknesses