PT-2025-43623 · Dell · Dell Storage Manager

Published: 2025-10-24 · Updated: 2025-12-01 · CVE-2025-43995

CVSS v3.1: 9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

Dell Storage Manager versions 20.1.21

Description

An improper authentication issue exists in Dell Storage Manager that could allow an unauthenticated remote attacker to bypass protection mechanisms. Specifically, an attacker can access APIs exposed by ApiProxy.war within DataCollectorEar.ear by utilizing a specific SessionKey and UserId. These UserId values are associated with special users created within compellentservicesapi for specific purposes.

Recommendations

Update Dell Storage Manager to a version that addresses this authentication bypass. As a temporary workaround, restrict access to the ApiProxy.war component within DataCollectorEar.ear to minimize the risk of exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2025-43995

Affected Products

Dell Storage Manager