Vulnerabilities > Dell

DATE CVE VULNERABILITY TITLE RISK
2022-01-24 CVE-2022-22554 Insufficiently Protected Credentials vulnerability in Dell EMC System Update
Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability.
local
low complexity
dell CWE-522
5.5
5.5
2022-01-21 CVE-2021-36338 Reliance on Cookies without Validation and Integrity Checking vulnerability in Dell products
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability.
low complexity
dell CWE-565
8.0
8.0
2022-01-21 CVE-2021-36339 Unspecified vulnerability in Dell products
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts.
local
low complexity
dell
7.8
7.8
2022-01-21 CVE-2022-22551 Session Fixation vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings.
low complexity
dell CWE-384
8.8
8.8
2022-01-21 CVE-2022-22552 Improper Restriction of Rendered UI Layers or Frames vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync.
network
low complexity
dell CWE-1021
6.1
6.1
2022-01-21 CVE-2022-22553 Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI.
network
low complexity
dell CWE-307
critical
 9.8
9.8
2021-12-21 CVE-2021-36316 Improper Privilege Management vulnerability in Dell EMC Avamar Server
Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI.
network
low complexity
dell CWE-269
7.2
7.2
2021-12-21 CVE-2021-36317 Insufficiently Protected Credentials vulnerability in Dell products
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller.
local
low complexity
dell CWE-522
6.7
6.7
2021-12-21 CVE-2021-36318 Insufficiently Protected Credentials vulnerability in Dell EMC Avamar Server
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability.
local
low complexity
dell CWE-522
6.7
6.7
2021-12-21 CVE-2021-36336 Unspecified vulnerability in Dell Wyse Management Suite
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system.
network
low complexity
dell
critical
 9.8
9.8