PT-2025-19886 · Dell · Dell Storage Manager
Published
2025-05-05
·
Updated
2025-05-07
·
CVE-2025-22478
CVSS v3.1
8.1
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Dell Storage Center - Dell Storage Manager version 20.1.20
Description
The issue is related to an Improper Restriction of XML External Entity Reference, which could be exploited by an unauthenticated attacker with adjacent network access. This could lead to information disclosure and information tampering.
Recommendations
For version 20.1.20, update to a version that addresses the Improper Restriction of XML External Entity Reference vulnerability. As a temporary workaround, consider restricting access to the XML external entity references to minimize the risk of exploitation.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Storage Manager