DSA-2022-340: Dell Unisphere for PowerMax, Dell Unisphere for PowerMax vApp, Dell Solutions Enabler vApp, Dell Unisphere 360, Dell VASA Provider vApp, and Dell PowerMax EMB Mgmt Security Update for Multiple Vulnerabilities
Summary: Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler, Dell Solutions Enabler Virtual Appliance, Dell Unisphere 360, Dell VASA Provider Virtual Appliance, and Dell PowerMax Embedded Management remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-45104 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solutions Enabler vApp version 9.2.3.x contains an Improper Input Validation vulnerability in vApp Manager’s Download Logs feature. A low privileged remote attacker may potentially exploit this vulnerability, leading to Remote Code Execution on the underlying system. | 8.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2022-34397 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solutions Enabler vApp version 10.0.0.2 and earlier contains an authorization bypass vulnerability, allowing users to perform actions for which they are not authorized. | 6.9 | CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N |
| CVE-2022-45103 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solutions Enabler vApp version 9.2.3.x contains an Improper Input Validation vulnerability in vApp Manager’s Download Logs feature. A low privileged remote attacker may potentially exploit this vulnerability, leading to an authenticated user being able to read arbitrary files on the underlying file system. | 5.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |
| CVE-2022-34363 | Dell Unisphere for PowerMax vApp versions prior to 10.0.0.2 contain an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| Third-party Component | CVEs | More information |
| Apache Commons Text | CVE-2022-42889 | https://nvd.nist.gov/vuln/detail/CVE-2022-42889 |
| Apache Commons Configuration | CVE-2022-33980 | https://nvd.nist.gov/vuln/detail/CVE-2022-33980 |
| Oxygen XML WebHelp | CVE-2021-46827 | https://nvd.nist.gov/vuln/detail/CVE-2021-46827 |
| SLES 12 SP5 (9.2.3) | | |
| SLES 15 SP3 | See SUSE Update Advisories. | |
| Oracle | CVE-2022-32215, CVE-2022-21634, CVE-2022-21597, CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-39399, CVE-2022-21624, CVE-2022-21619 | See NVD (http://nvd.nist.gov/ |
| Windows 10 | CVE-2022-38041, CVE-2022-38040, CVE-2022-38045, CVE-2022-37995, CVE-2022-38022, CVE-2022-38028, CVE-2022-34689, CVE-2022-38026, CVE-2022-37986, CVE-2022-33645, CVE-2022-30198, CVE-2022-38043, CVE-2022-37987, CVE-2022-38021, CVE-2022-37984, CVE-2022-33635, CVE-2022-33634, CVE-2022-35770, CVE-2022-37975, CVE-2022-37994, CVE-2022-37965, CVE-2022-24504, CVE-2022-37997, CVE-2022-38042, CVE-2022-37993, CVE-2022-37991, CVE-2022-37990, CVE-2022-38038, CVE-2022-37989, CVE-2022-38037, CVE-2022-37988, CVE-2022-38033, CVE-2022-38032, CVE-2022-38031, CVE-2022-37982, CVE-2022-38029, CVE-2022-37977, CVE-2022-38034, CVE-2022-37978, CVE-2022-37970, CVE-2022-37983, CVE-2022-38016, CVE-2022-38030, CVE-2022-38039, CVE-2022-41081, CVE-2022-41033, CVE-2022-37981, CVE-2022-38003, CVE-2022-38051, CVE-2022-38050, CVE-2022-38000, CVE-2022-37996, CVE-2022-38027, CVE-2022-38044, CVE-2022-37999, CVE-2022-38047, CVE-2022-35803, CVE-2022-38006, CVE-2022-37958, CVE-2022-38005, CVE-2022-37957, CVE-2022-38004, CVE-2022-37956, CVE-2022-37955, CVE-2022-37954, CVE-2022-34734, CVE-2022-34733, CVE-2022-34732, CVE-2022-34731, CVE-2022-34730, CVE-2022-34729, CVE-2022-34728, CVE-2022-34727, CVE-2022-34726, CVE-2022-34725, CVE-2022-34722, CVE-2022-34721, CVE-2022-34720, CVE-2022-34719, CVE-2022-34718, CVE-2022-35841, CVE-2022-35840, CVE-2022-35837, CVE-2022-35836, CVE-2022-35835, CVE-2022-35834, CVE-2022-35833, CVE-2022-35832, CVE-2022-35831, CVE-2022-30200, CVE-2022-30196, CVE-2022-30170, CVE-2022-26928, CVE-2022-37969, CVE-2022-35822, CVE-2022-34711, CVE-2022-35771, CVE-2022-35794, CVE-2022-35766, CVE-2022-35765, CVE-2022-35764, CVE-2022-35760, CVE-2022-35754, CVE-2022-35820, CVE-2022-35768, CVE-2022-35767, CVE-2022-35769, CVE-2022-33670, CVE-2022-35793, CVE-2022-35757, CVE-2022-35797, CVE-2022-35763, CVE-2022-34703, CVE-2022-35795, CVE-2022-35792, CVE-2022-35762, CVE-2022-35761, CVE-2022-35759, CVE-2022-35758, CVE-2022-35756, CVE-2022-35755, CVE-2022-35753, CVE-2022-35752, CVE-2022-35750, CVE-2022-35749, CVE-2022-35747, CVE-2022-35746, CVE-2022-35745, CVE-2022-35744, CVE-2022-35743, CVE-2022-34714, CVE-2022-34713, CVE-2022-34710, CVE-2022-34709, CVE-2022-34708, CVE-2022-34707, CVE-2022-34706, CVE-2022-34705, CVE-2022-34704, CVE-2022-34702, CVE-2022-34701, CVE-2022-34699, CVE-2022-34691, CVE-2022-34690, CVE-2022-34302, CVE-2022-30194, CVE-2022-30144, CVE-2022-30133, CVE-2022-30197, CVE-2022-34301, CVE-2022-34303, CVE-2022-22035, CVE-2022-37985 | See NVD (http://nvd.nist.gov/ |
Affected Products & Remediation
| Product | Affected Versions | Updated Versions | Link to Update |
| Unisphere for PowerMax | Versions before 10.0.0.5 | 10.0.0.5 EEM: 10.0.0.968 | https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| Unisphere for PowerMax | Versions before 9.2.3.22 | 9.2.3.22 EEM: 9.2.4.26 | https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| Unisphere for PowerMax Virtual Appliance | Versions before 9.2.3.22 | 9.2.3.22 EEM: 9.2.4.26 | https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| Unisphere 360 | Versions before 9.2.3.12 | 9.2.3.12 | https://www.dell.com/support/home/en-us/product-support/product/unisphere-360/drivers |
| Solutions Enabler | Versions before 10.0.0.5 | 10.0.0.5 EEM: 10.0.0.968 | https://www.dell.com/support/home/en-us/product-support/product/solutions-enabler/drivers |
| Solutions Enabler | Versions before 9.2.3.6 | 9.2.3.6 EEM: 9.2.4.26 | https://www.dell.com/support/home/en-us/product-support/product/solutions-enabler/drivers |
| Solutions Enabler Virtual Appliance | Versions before 9.2.3.6 | 9.2.3.6 EEM: 9.2.4.26 | https://www.dell.com/support/home/en-us/product-support/product/solutions-enabler/drivers |
| eVASA Provider Virtual Appliance | Versions before 9.2.4.15 | 9.2.4.15 | https://www.dell.com/support/home/en-us/product-support/product/vasa-provider/drivers |
| VASA Provider Standalone | Versions before 9.2.4.22 | 9.2.4.22 | https://www.dell.com/support/home/en-us/product-support/product/vasa-provider/drivers |
| PowerMaxOS | versions before 10.0.0.2 patch 9824 | version 10.0.0.2 patch 9824 or later | Request DSA-2022-340 |
| PowerMaxOS | 5978.711.711 patch 9823 | 5978.711.711 patch 9823 | Request DSA-2022-340 |
Revision History
| Revision | Date | Description |
| 1.0 | 2023-01-04 | Initial Version |
| 2.0 | 2023-01-10 | Minor Update to Acknowledgements |
| 3.0 | 2023-03-02 | Update Proprietary Code CVE |
| 4.0 | 2023-12-01 | Formatting changes with content update. |
| 5.0 | 2024-09-11 | Refining the details of versions impacted/remediated. |
Acknowledgements
CVE-2022-45103, CVE-2022-45104: Dell Technologies would like to thank Antoine Carrincazeaux of Synacktiv for reporting these issues.
CVE-2022-34363: Dell Technologies would like to thank Cristian Mocanu at Deloitte for reporting this issue.
CVE-2022-34397: Dell Technologies would like to thank Mateusz Dabrowski for reporting this issue.
Affected Products
PowerMax, PowerMax, PowerMax 2000, PowerMax 2500, PowerMax 8000, PowerMax 8500, PowerMax Engine, PowerMaxOS 10, PowerMaxOS 5978, Product Security Information, Unisphere for PowerMax
Article Properties
Article Number: 000207177
Article Type: Dell Security Advisory
Last Modified: 11 Sep 2024