PT-2023-13378 · Dell · Vasa Provider Vapp+2

Mateusz Dabrowski

Published

2023-02-13

Updated

2023-07-21

CVE-2022-34397

CVSS v3.1

6.9

Medium

Vector

AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp versions 10.0.0.5 and below

Description The issue allows users to perform actions for which they are not authorized due to an authorization bypass.

Recommendations For versions 10.0.0.5 and below, update to a version above 10.0.0.5 to resolve the issue.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2022-34397

Affected Products

Dell Unisphere For Powermax Vapp

Solution Enabler Vapp

Vasa Provider Vapp

PT-2023-13378 · Dell · Vasa Provider Vapp+2

CVE-2022-34397

Weakness Enumeration

Related Identifiers

Affected Products

References · 6