Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dell Subscribe
Filtered by product Unity Operating Environment
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29084 1 Dell 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment 2022-06-13 10.0 HIGH 9.8 CRITICAL
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.
CVE-2022-29085 1 Dell 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment 2022-06-13 4.6 MEDIUM 6.7 MEDIUM
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
CVE-2022-29091 1 Dell 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment 2022-06-08 4.3 MEDIUM 6.1 MEDIUM
Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
CVE-2021-21547 1 Dell 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment 2021-05-11 2.1 LOW 6.7 MEDIUM
Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.