| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-26856 | 522 |  |  | 2022-04-21 | 2022-05-03 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. |
| 2 | CVE-2022-26855 | 276 |  | DoS | 2022-04-08 | 2022-04-14 | 2.1 | None | Local | Low | Not required | None | None | Partial | Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. |
| 3 | CVE-2022-24413 | 367 |  |  | 2022-04-12 | 2022-04-20 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. |
| 4 | CVE-2022-23163 | 668 |  | DoS | 2022-04-12 | 2022-04-20 | 2.1 | None | Local | Low | Not required | None | None | Partial | Dell PowerScale OneFS, 8.2.x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. |
| 5 | CVE-2022-23158 | 200 |  | +Info | 2022-04-01 | 2022-04-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to a valid WMS server. |
| 6 | CVE-2022-23157 | 200 |  | +Info | 2022-04-01 | 2022-04-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server. |
| 7 | CVE-2022-22563 |  |  |  | 2022-04-08 | 2022-04-14 | 2.1 | None | Local | Low | Not required | None | Partial | None | Dell EMC PowerScale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. |
| 8 | CVE-2022-22554 | 522 |  |  | 2022-01-24 | 2022-01-28 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privileges could potentially exploit this vulnerability, leading to the disclosure of user passwords. |
| 9 | CVE-2021-43590 | 312 |  |  | 2022-03-04 | 2022-03-12 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. |
| 10 | CVE-2021-36341 | 200 |  | +Info | 2021-12-21 | 2021-12-27 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information. |
| 11 | CVE-2021-36340 | 532 |  |  | 2021-11-20 | 2021-11-23 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC SCG 5.00.00.10 and earlier contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. |
| 12 | CVE-2021-36333 | 120 |  | Overflow | 2021-11-23 | 2021-11-27 | 2.1 | None | Local | Low | Not required | None | None | Partial | Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker may potentially exploit this vulnerability, leading to an application crash. |
| 13 | CVE-2021-36319 | 668 |  | +Priv | 2021-11-20 | 2021-11-23 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages. |
| 14 | CVE-2021-36317 | 256 |  |  | 2021-12-21 | 2022-01-05 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. |
| 15 | CVE-2021-36286 | 22 |  | Dir. Trav. | 2021-09-28 | 2021-10-01 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any (non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point, allows for the exploitation. The SupportAssist clean files functionality does not distinguish junction points from the physical folder and proceeds to clean the target of the junction, which allows non-privileged users to create junction points and delete arbitrary files on the system that can be accessed only by the admin. |
| 16 | CVE-2021-36282 | 908 |  | +Priv | 2021-08-16 | 2022-05-03 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access to up to 24 bytes of data within the /ifs kernel stack under certain conditions. |
| 17 | CVE-2021-36280 | 732 |  |  | 2021-08-16 | 2021-08-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. |
| 18 | CVE-2021-36278 | 532 |  |  | 2021-08-16 | 2022-05-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third party consumes those logs, the same sensitive information is available to those systems as well. |
| 19 | CVE-2021-21601 | 532 |  |  | 2021-08-10 | 2021-08-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. |
| 20 | CVE-2021-21587 | 200 |  | +Info | 2021-07-15 | 2021-07-31 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders. |
| 21 | CVE-2021-21562 | 426 |  |  | 2021-08-03 | 2021-08-11 | 2.1 | None | Local | Low | Not required | None | Partial | None | Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path, which can lead to running resources that are not under the application’s direct control. |
| 22 | CVE-2021-21561 | 532 |  | +Priv | 2021-11-23 | 2021-11-27 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. |
| 23 | CVE-2021-21559 | 295 |  |  | 2021-06-08 | 2021-06-16 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None | Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x, 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components, which use an SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper with the traffic between the client and the application server. |
| 24 | CVE-2021-21558 | 532 |  |  | 2021-06-08 | 2021-06-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x, 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain. |
| 25 | CVE-2021-21547 | 312 |  | +Priv | 2021-04-30 | 2021-05-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
| 26 | CVE-2021-21546 | 532 |  |  | 2021-07-29 | 2021-08-05 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC NetWorker versions 18.x, 19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the NetWorker server could potentially exploit this vulnerability to read plain-text credentials from server log files. |
| 27 | CVE-2021-21543 | 79 |  | Exec Code XSS | 2021-04-30 | 2021-05-10 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. |
| 28 | CVE-2021-21542 | 79 |  | Exec Code XSS | 2021-04-30 | 2021-05-10 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. |
| 29 | CVE-2021-21515 | 79 |  | XSS | 2021-03-01 | 2021-03-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to hijack user sessions or to trick a victim application user into unknowingly sending arbitrary requests to the server. |
| 30 | CVE-2021-21512 | 200 |  | +Info | 2021-02-19 | 2021-02-25 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. |
| 31 | CVE-2020-35170 | 79 |  | XSS | 2021-01-05 | 2021-01-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject JavaScript code and affect other authenticated users’ sessions. |
| 32 | CVE-2020-29503 | 276 |  |  | 2021-07-19 | 2021-08-02 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory. |
| 33 | CVE-2020-29497 | 79 |  | Exec Code XSS | 2021-01-04 | 2021-01-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. |
| 34 | CVE-2020-29496 | 79 |  | Exec Code XSS | 2021-01-04 | 2021-01-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. |
| 35 | CVE-2020-26199 | 532 |  | +Priv | 2021-01-05 | 2021-01-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user's (including the Unisphere admin privilege user's) password is stored in plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user. |
| 36 | CVE-2020-26196 | 732 |  |  | 2021-02-09 | 2021-02-12 | 2.1 | None | Local | Low | Not required | None | Partial | None | Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location. |
| 37 | CVE-2020-5317 | 79 |  | Exec Code XSS | 2020-02-06 | 2020-02-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. |
| 38 | CVE-2020-5315 | 522 |  |  | 2021-07-19 | 2021-08-02 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. The proxy server user password is stored in plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to access the with privileges of the compromised user. |
| 39 | CVE-2019-19620 | 281 |  | Bypass | 2019-12-06 | 2019-12-17 | 2.1 | None | Local | Low | Not required | None | Partial | None | In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file. |
| 40 | CVE-2019-18588 | 79 |  | XSS | 2020-01-10 | 2020-01-22 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject JavaScript code and affect other authenticated users' sessions. |
| 41 | CVE-2019-18576 | 532 |  | +Priv | 2020-03-13 | 2020-03-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user. |
| 42 | CVE-2019-18571 | 79 |  | Exec Code XSS | 2019-12-18 | 2020-08-31 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending a crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application. |
| 43 | CVE-2019-3770 | 79 |  | Exec Code XSS | 2020-03-13 | 2020-03-18 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. |
| 44 | CVE-2019-3769 | 79 |  | Exec Code XSS | 2020-03-13 | 2020-03-18 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store a malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. |
| 45 | CVE-2019-3767 | 312 |  |  | 2019-10-14 | 2020-10-16 | 1.9 | None | Local | Medium | Not required | Partial | None | None | Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems. |
| 46 | CVE-2019-3763 | 532 |  | +Info | 2019-09-11 | 2020-10-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in plain text in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks. |
| 47 | CVE-2019-3761 | 79 |  | Exec Code XSS | 2019-09-11 | 2020-08-31 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would get executed by the web browser in the context of the vulnerable web application. |
| 48 | CVE-2019-3750 | 59 |  |  | 2019-12-03 | 2019-12-10 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly. |
| 49 | CVE-2019-3749 | 59 |  |  | 2019-12-03 | 2019-12-10 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly. |
| 50 | CVE-2019-3741 | 693 |  | +Priv | 2019-07-18 | 2020-02-10 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in plain text in the Unity Data Collection bundle (log files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user. |