Vulnerabilities > Dell > Unityvsa Operating Environment

DATE CVE VULNERABILITY TITLE RISK
2024-01-24 CVE-2024-22229 Improper Encoding or Escaping of Output vulnerability in Dell products
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker.
network
low complexity
dell CWE-116
4.3
4.3
2023-11-22 CVE-2023-43082 Improper Certificate Validation vulnerability in Dell products
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component.
network
high complexity
dell CWE-295
5.9
5.9
2023-10-23 CVE-2023-43066 OS Command Injection vulnerability in Dell products
Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability.
local
low complexity
dell CWE-78
7.8
7.8
2023-10-23 CVE-2023-43067 XXE vulnerability in Dell products
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability.
network
low complexity
dell CWE-611
6.5
6.5
2023-10-23 CVE-2023-43065 Cross-site Scripting vulnerability in Dell products
Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability.
network
low complexity
dell CWE-79
5.4
5.4
2023-10-23 CVE-2023-43074 Unspecified vulnerability in Dell products
Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability.
network
low complexity
dell
7.5
7.5
2022-06-02 CVE-2022-29084 Improper Restriction of Excessive Authentication Attempts vulnerability in Dell products
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI.
network
low complexity
dell CWE-307
critical
 10.0
10
2022-06-02 CVE-2022-29085 Insufficiently Protected Credentials vulnerability in Dell products
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system.
local
low complexity
dell CWE-522
4.6
4.6
2022-05-26 CVE-2022-29091 Cross-site Scripting vulnerability in Dell products
Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI.
network
dell CWE-79
4.3
4.3
2021-04-30 CVE-2021-21547 Cleartext Storage of Sensitive Information vulnerability in Dell products
Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system.
local
low complexity
dell CWE-312
2.1
2.1