Multiple vulnerabilities in Dell EMC Unisphere for PowerMax and Dell EMC Solutions Enabler
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 289 |
| CVE-ID | CVE-2021-31199 CVE-2021-31959 CVE-2021-31958 CVE-2021-31956 CVE-2021-31954 CVE-2021-31953 CVE-2021-31201 CVE-2021-31194 CVE-2021-31968 CVE-2021-31193 CVE-2021-31188 CVE-2021-31186 CVE-2021-31184 CVE-2021-31183 CVE-2021-31182 CVE-2021-31962 CVE-2021-31971 CVE-2021-28446 CVE-2021-33765 CVE-2021-34446 CVE-2021-34441 CVE-2021-34440 CVE-2021-33788 CVE-2021-33783 CVE-2021-33782 CVE-2021-33757 CVE-2021-31973 CVE-2021-33756 CVE-2021-33752 CVE-2021-33750 CVE-2021-33749 CVE-2021-33742 CVE-2021-31979 CVE-2021-28455 CVE-2021-28445 CVE-2021-34448 CVE-2021-28335 CVE-2021-28341 CVE-2021-28340 CVE-2021-28339 CVE-2021-28338 CVE-2021-28337 CVE-2021-28336 CVE-2021-28334 CVE-2021-28343 CVE-2021-28333 CVE-2021-28332 CVE-2021-28331 CVE-2021-28330 CVE-2021-28329 CVE-2021-28328 CVE-2021-28342 CVE-2021-28344 CVE-2021-28443 CVE-2021-28356 CVE-2021-28440 CVE-2021-28439 CVE-2021-28437 CVE-2021-28434 CVE-2021-28358 CVE-2021-28357 CVE-2021-28355 CVE-2021-28345 CVE-2021-28354 CVE-2021-28353 CVE-2021-28352 CVE-2021-28350 CVE-2021-28349 CVE-2021-28348 CVE-2021-28346 CVE-2021-34447 CVE-2021-34456 CVE-2021-28323 CVE-2021-33763 CVE-2021-33785 CVE-2021-33784 CVE-2021-33781 CVE-2021-33774 CVE-2021-33773 CVE-2021-33771 CVE-2021-33761 CVE-2021-34445 CVE-2021-33759 CVE-2021-33751 CVE-2021-33743 CVE-2021-33740 CVE-2021-31976 CVE-2021-31975 CVE-2021-34438 CVE-2021-34449 CVE-2021-31972 CVE-2021-34491 CVE-2021-34512 CVE-2021-34510 CVE-2021-34509 CVE-2021-34508 CVE-2021-34503 CVE-2021-34493 CVE-2021-34490 CVE-2021-34454 CVE-2021-34489 CVE-2021-34488 CVE-2021-34466 CVE-2021-34462 CVE-2021-34460 CVE-2021-34459 CVE-2021-34455 CVE-2021-31974 CVE-2021-31970 CVE-2021-34457 CVE-2021-34497 CVE-2021-34514 CVE-2021-34511 CVE-2021-34507 CVE-2021-34504 CVE-2021-34500 CVE-2021-34498 CVE-2021-34496 CVE-2021-34527 CVE-2021-34492 CVE-2021-34484 CVE-2021-34483 CVE-2021-34481 CVE-2021-34480 CVE-2021-34476 CVE-2021-34516 CVE-2021-34533 CVE-2021-31969 CVE-2021-31187 CVE-2021-31961 CVE-2021-31955 CVE-2021-31952 CVE-2021-31951 CVE-2021-31191 CVE-2021-31190 CVE-2021-31170 CVE-2021-34535 CVE-2021-31167 CVE-2021-28479 CVE-2021-36947 CVE-2021-36937 CVE-2021-36936 CVE-2021-36927 CVE-2021-34537 CVE-2021-28327 CVE-2021-28318 CVE-2020-17000 CVE-2020-17036 CVE-2020-17029 CVE-2020-17014 CVE-2020-17011 CVE-2020-17004 CVE-2020-17001 CVE-2020-16997 CVE-2020-17042 CVE-2020-16976 CVE-2020-16975 CVE-2020-16974 CVE-2020-16973 CVE-2020-16972 CVE-2020-16964 CVE-2020-17038 CVE-2020-17043 CVE-2020-16962 CVE-2020-17140 CVE-2021-1652 CVE-2021-1649 CVE-2021-1640 CVE-2020-26144 CVE-2020-24588 CVE-2020-24587 CVE-2020-17098 CVE-2020-17044 CVE-2020-17088 CVE-2020-17087 CVE-2020-17069 CVE-2020-17068 CVE-2020-17047 CVE-2020-17045 CVE-2020-16963 CVE-2020-16961 CVE-2021-1654 CVE-2021-26419 CVE-2020-1599 CVE-2021-31204 CVE-2021-31957 CVE-2021-34477 CVE-2020-17052 CVE-2021-26411 CVE-2021-2341 CVE-2020-16887 CVE-2021-2432 CVE-2021-2369 CVE-2020-28928 CVE-2021-2388 CVE-2021-29921 CVE-2020-16863 CVE-2020-16889 CVE-2020-16960 CVE-2020-16924 CVE-2020-16959 CVE-2020-16958 CVE-2020-16940 CVE-2020-16939 CVE-2020-16936 CVE-2020-16935 CVE-2020-16923 CVE-2020-16897 CVE-2020-16922 CVE-2020-16920 CVE-2020-16916 CVE-2020-16914 CVE-2020-16912 CVE-2020-16902 CVE-2020-16900 CVE-2021-1653 CVE-2021-1655 CVE-2021-28317 CVE-2021-26414 CVE-2021-26869 CVE-2021-26862 CVE-2021-26861 CVE-2021-26425 CVE-2021-26424 CVE-2021-26415 CVE-2021-26413 CVE-2021-26873 CVE-2021-25195 CVE-2021-24107 CVE-2021-24103 CVE-2021-24102 CVE-2021-24094 CVE-2021-24088 CVE-2021-26872 CVE-2021-26875 CVE-2021-24083 CVE-2021-27091 CVE-2021-28316 CVE-2021-28315 CVE-2021-28309 CVE-2021-27096 CVE-2021-27095 CVE-2021-27093 CVE-2021-27089 CVE-2021-26878 CVE-2021-27077 CVE-2021-26901 CVE-2021-26899 CVE-2021-26898 CVE-2021-26887 CVE-2021-26882 CVE-2021-26881 CVE-2021-24086 CVE-2021-24080 CVE-2021-1656 CVE-2021-1666 CVE-2021-1675 CVE-2021-1674 CVE-2021-1673 CVE-2021-1671 CVE-2021-1668 CVE-2021-1667 CVE-2021-1665 CVE-2021-1678 CVE-2021-1664 CVE-2021-1661 CVE-2021-1660 CVE-2021-1659 CVE-2021-1658 CVE-2021-1657 CVE-2021-1676 CVE-2021-1679 CVE-2021-24077 CVE-2021-1706 CVE-2021-24074 CVE-2021-1734 CVE-2021-1727 CVE-2021-1722 CVE-2021-1709 CVE-2021-1708 CVE-2021-1702 CVE-2021-1688 CVE-2021-1701 CVE-2021-1700 CVE-2021-1699 CVE-2021-1696 CVE-2021-1695 CVE-2021-1694 CVE-2021-1693 |
| CWE-ID | CWE-264 CWE-119 CWE-122 CWE-94 CWE-254 CWE-125 CWE-20 CWE-451 CWE-200 CWE-822 CWE-269 CWE-367 CWE-415 CWE-347 CWE-835 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #4 is being exploited in the wild. Vulnerability #7 is being exploited in the wild. Public exploit code for vulnerability #13 is available. Vulnerability #32 is being exploited in the wild. Vulnerability #33 is being exploited in the wild. Vulnerability #36 is being exploited in the wild. Vulnerability #80 is being exploited in the wild. Public exploit code for vulnerability #84 is available. Vulnerability #119 is being exploited in the wild. Vulnerability #121 is being exploited in the wild. Public exploit code for vulnerability #123 is available. Vulnerability #124 is being exploited in the wild. Vulnerability #131 is being exploited in the wild. Vulnerability #175 is being exploited in the wild. Vulnerability #189 is being exploited in the wild. Public exploit code for vulnerability #204 is available. Public exploit code for vulnerability #225 is available. Public exploit code for vulnerability #251 is available. Public exploit code for vulnerability #253 is available. Public exploit code for vulnerability #255 is available. Vulnerability #257 is being exploited in the wild. Public exploit code for vulnerability #277 is available. Public exploit code for vulnerability #285 is available. |
| Vulnerable software Subscribe |
Solutions Enabler Virtual Appliance Server applications / Virtualization software Solutions Enabler Other software / Other software solutions Unisphere for PowerMax Virtual Appliance Other software / Other software solutions Unisphere for PowerMax Other software / Other software solutions |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 289 vulnerabilities.
1) Security restrictions bypass
EUVDB-ID: #VU53909
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-31199
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Microsoft Enhanced Cryptographic Provider. A local user can bypass implemented security restrictions and read or modify otherwise restricted information.
Note, the vulnerability is being actively exploited in the wild and related to a zero-day vulnerability in Adobe Reader #VU53125 (CVE-2021-28550) patched on May 11.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Buffer overflow
EUVDB-ID: #VU53880
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31959
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Scripting Engine. A remote attacker can trick a victim to open a specially crafted file or visit a malicious website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53882
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31958
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows NTLM. A remote attacker can trick a victim to visit a specially crafted server share or website, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53891
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-31956
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the NTFS subsystem in Microsoft Windows. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
5) Heap-based buffer overflow
EUVDB-ID: #VU53883
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31954
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local user can run a specially crafted program to trigger a heap-based buffer overflow and execute arbitrary code with SYSTEM privileges. MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53884
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31953
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Filter Manager, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Security restrictions bypass
EUVDB-ID: #VU53910
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-31201
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Microsoft Enhanced Cryptographic Provider. A local user can bypass implemented security restrictions and read or modify otherwise restricted information.
Note, the vulnerability is being actively exploited in the wild and related to a zero-day vulnerability in Adobe Reader #VU53125 (CVE-2021-28550) patched on May 11. MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
8) Code Injection
EUVDB-ID: #VU53095
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31194
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in OLE Automation. A remote authenticated attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Security features bypass
EUVDB-ID: #VU53920
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31968
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to security feature bypass issue in Windows Remote Desktop Services. A remote attacker can cause a denial of service condition on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53105
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31193
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows SSDP Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53093
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31188
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Graphics Component, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU53109
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31186
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Windows Remote Desktop Protocol (RDP). A remote attacker can trick a victim to connect to a malicious RDP server, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU53111
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-31184
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Microsoft Windows Infrared Data Association (IrDA). A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
14) Input validation error
EUVDB-ID: #VU54699
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31183
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Windows TCP/IP Driver. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Spoofing attack
EUVDB-ID: #VU53118
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31182
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Microsoft Bluetooth Driver. A remote attacker on the local network can spoof page content.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Security features bypass
EUVDB-ID: #VU53918
Risk: High
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31962
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to security feature bypass issue in Kerberos AppContainer. A remote attacker can bypass Kerberos authentication.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Security restrictins bypass
EUVDB-ID: #VU53914
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31971
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to Windows HTML Platform does not properly impose security restrictions. A remote attacker can create a specially crafted web page, trick the victim into opening it and bypass implemented security restrictions.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Information disclosure
EUVDB-ID: #VU52169
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28446
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Portmapping. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Spoofing attack
EUVDB-ID: #VU54750
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33765
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in the Windows Installer. A local attacker can spoof page content.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Security features bypass
EUVDB-ID: #VU54831
Risk: High
CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34446
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to security feature bypass issue in Windows HTML Platforms. A remote attacker can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Code Injection
EUVDB-ID: #VU54739
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34441
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Microsoft Windows Media Foundation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Information disclosure
EUVDB-ID: #VU54734
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34440
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in GDI+. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU54812
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33788
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Windows LSA. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Information disclosure
EUVDB-ID: #VU54768
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33783
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows SMB. A remote authenticated attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Spoofing attack
EUVDB-ID: #VU54767
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33782
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in the Windows Authenticode. A local attacker can spoof page content.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Security features bypass
EUVDB-ID: #VU54830
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33757
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to security feature bypass issue in Windows Security Account Manager Remote Protocol. A remote attacker can gain access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53903
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31973
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows GPSVC, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Code Injection
EUVDB-ID: #VU54796
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33756
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows DNS Snap-in. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Code Injection
EUVDB-ID: #VU54795
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33752
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows DNS Snap-in. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Code Injection
EUVDB-ID: #VU54794
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33750
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows DNS Snap-in. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Code Injection
EUVDB-ID: #VU54793
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33749
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows DNS Snap-in. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Buffer overflow
EUVDB-ID: #VU53897
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-33742
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within Windows MSHTML Platform. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
33) Buffer overflow
EUVDB-ID: #VU54723
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-31979
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Windows kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild. MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
34) Code Injection
EUVDB-ID: #VU53117
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28455
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Microsoft Jet Red Database Engine and Access Connectivity Engine. A remote authenticated attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Code Injection
EUVDB-ID: #VU52168
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28445
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Network File System. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Buffer overflow
EUVDB-ID: #VU54721
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-34448
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in Microsoft scripting engine. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
37) Code Injection
EUVDB-ID: #VU52095
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28335
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Code Injection
EUVDB-ID: #VU52089
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28341
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Code Injection
EUVDB-ID: #VU52090
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28340
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Code Injection
EUVDB-ID: #VU52091
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28339
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Code Injection
EUVDB-ID: #VU52092
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28338
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Code Injection
EUVDB-ID: #VU52093
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28337
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Code Injection
EUVDB-ID: #VU52094
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28336
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Code Injection
EUVDB-ID: #VU52096
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28334
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Code Injection
EUVDB-ID: #VU52087
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28343
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Code Injection
EUVDB-ID: #VU52085
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28333
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Code Injection
EUVDB-ID: #VU52097
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28332
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Code Injection
EUVDB-ID: #VU52098
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28331
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Code Injection
EUVDB-ID: #VU52099
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28330
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Code Injection
EUVDB-ID: #VU52100
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28329
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Information disclosure
EUVDB-ID: #VU52133
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28328
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows DNS. A remote authenticated attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Code Injection
EUVDB-ID: #VU52088
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28342
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Code Injection
EUVDB-ID: #VU52086
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28344
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Input validation error
EUVDB-ID: #VU52125
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28443
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Windows Console Driver. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Code Injection
EUVDB-ID: #VU52078
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28356
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU52102
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28440
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Installer, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Input validation error
EUVDB-ID: #VU52117
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28439
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Windows TCP/IP Driver. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Information disclosure
EUVDB-ID: #VU52103
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28437
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows Installer. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Code Injection
EUVDB-ID: #VU52076
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28434
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Code Injection
EUVDB-ID: #VU52077
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28358
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Code Injection
EUVDB-ID: #VU52075
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28357
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Code Injection
EUVDB-ID: #VU52079
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28355
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Code Injection
EUVDB-ID: #VU52084
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28345
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Code Injection
EUVDB-ID: #VU52080
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28354
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Code Injection
EUVDB-ID: #VU52081
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28353
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Code Injection
EUVDB-ID: #VU52082
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28352
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Code Injection
EUVDB-ID: #VU52106
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28350
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows GDI+. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Code Injection
EUVDB-ID: #VU52107
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28349
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows GDI+. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Code Injection
EUVDB-ID: #VU52108
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28348
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows GDI+. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Code Injection
EUVDB-ID: #VU52083
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28346
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Code Injection
EUVDB-ID: #VU54802
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34447
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows MSHTML Platform. A remote attacker can trick a victim to visit a specially crafted server share or website and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54759
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34456
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Remote Access Connection Manager, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Information disclosure
EUVDB-ID: #VU52132
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28323
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows DNS. A remote authenticated attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Information disclosure
EUVDB-ID: #VU54763
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33763
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows Remote Access Connection Manager. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Input validation error
EUVDB-ID: #VU54770
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33785
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Windows AF_UNIX Socket Provider. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54769
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33784
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Cloud Files Mini Filter Driver, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Security features bypass
EUVDB-ID: #VU54835
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33781
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to security feature bypass issue in Active Directory. A remote authenticated attacker can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54820
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33774
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54762
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33773
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Remote Access Connection Manager, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Buffer overflow
EUVDB-ID: #VU54720
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-33771
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
81) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54764
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33761
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Remote Access Connection Manager, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54761
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34445
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Remote Access Connection Manager, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54822
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33759
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Desktop Bridge, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54778
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-33751
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Storage Spaces Controller, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
85) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54726
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33743
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Projected File System, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Code Injection
EUVDB-ID: #VU54724
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33740
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows Media. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Information disclosure
EUVDB-ID: #VU53899
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31976
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Server for NFS. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Information disclosure
EUVDB-ID: #VU53900
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31975
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Server for NFS. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Code Injection
EUVDB-ID: #VU54771
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34438
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows Font Driver Host. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54800
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34449
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Win32k, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Information disclosure
EUVDB-ID: #VU53904
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31972
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Event Tracing for Windows. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Information disclosure
EUVDB-ID: #VU54799
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34491
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Win32k. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54782
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34512
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Storage Spaces Controller, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54777
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34510
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Storage Spaces Controller, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Information disclosure
EUVDB-ID: #VU54780
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34509
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Storage Spaces Controller. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Code Injection
EUVDB-ID: #VU54786
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34508
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows Kernel. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Code Injection
EUVDB-ID: #VU54737
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34503
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Microsoft Windows Media Foundation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54818
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34493
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Partition Management Driver, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Input validation error
EUVDB-ID: #VU54700
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34490
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Windows TCP/IP Driver. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Information disclosure
EUVDB-ID: #VU54760
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34454
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows Remote Access Connection Manager. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Code Injection
EUVDB-ID: #VU54735
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34489
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in DirectWrite. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54736
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34488
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Console Driver, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Security features bypass
EUVDB-ID: #VU54837
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34466
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to security feature bypass issue in Windows Hello. An attacker with physical access can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54825
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34462
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows AppX Deployment Extensions, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54781
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34460
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Storage Spaces Controller, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54765
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34459
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows AppContainer, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54732
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34455
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows File History Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Input validation error
EUVDB-ID: #VU53901
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Server for NFS. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Security features bypass
EUVDB-ID: #VU53919
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31970
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack..
The vulnerability exists due to security feature bypass issue in Windows TCP/IP Driver. A local user can cause a denial of service condition on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Information disclosure
EUVDB-ID: #VU54758
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34457
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows Remote Access Connection Manager. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Code Injection
EUVDB-ID: #VU54801
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34497
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows MSHTML Platform. A remote attacker can trick a victim to visit a specially crafted server share or website and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54788
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34514
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Kernel, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54749
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34511
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Installer, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Information disclosure
EUVDB-ID: #VU54774
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34507
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows Remote Assistance. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Code Injection
EUVDB-ID: #VU54733
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34504
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows Address Book. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Information disclosure
EUVDB-ID: #VU54789
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34500
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows Kernel Hyper-V host server. A remote authenticated attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54757
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34498
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows GDI, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Information disclosure
EUVDB-ID: #VU54756
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34496
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows GDI. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Code Injection
EUVDB-ID: #VU53886
Risk: Critical
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-34527
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the RpcAddPrinterDriverEx() function. A remote user can send a specially crafted request to the Windows Print Spooler and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being considered a zero-day and dubbed PrintNightmare. This is a different vulnerability than #VU54508 (CVE-2021-1675).
Mitigation
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
120) Spoofing attack
EUVDB-ID: #VU54819
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34492
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows Certificate. A remote attacker can spoof page content.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU55695
Risk: Low
CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-34484
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows User Profile Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
122) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU55699
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34483
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Print Spooler, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Buffer overflow
EUVDB-ID: #VU54917
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-34481
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Print Spooler service improperly performs privileged file operations. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system with SYSTEM privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
124) Buffer overflow
EUVDB-ID: #VU55726
Risk: Medium
CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-34480
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect JIT optimization in jscript9.dll in the Scripting Engine. A remote attacker can trick a victim to open a specially crafted file or visit a malicious website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
125) Input validation error
EUVDB-ID: #VU54827
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34476
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Bowser.sys. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Untrusted Pointer Dereference
EUVDB-ID: #VU54798
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34516
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to untrusted pointer dereference in DrvTransparentBltInternal() within the Microsoft Windows Canonical Display Driver cdd.dll. A local user can run a specially crafted program to execute arbitrary code with SYSTEM privileges.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Code Injection
EUVDB-ID: #VU55703
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34533
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows Graphics Component Font Parsing. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53905
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31969
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Cloud Files Mini Filter Driver, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53087
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31187
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows WalletService, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54722
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31961
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows InstallService. A local user can delete targeted files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Improper Privilege Management
EUVDB-ID: #VU53890
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-31955
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper privilege management. A local unprivileged user can read contents of Kernel memory from a user mode process.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
132) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53885
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31952
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Kernel-Mode Driver, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53913
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31951
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Kernel, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Out-of-bounds read
EUVDB-ID: #VU53107
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31191
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Windows Projected File System FS Filter Driver. A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53108
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31190
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Container Isolation FS Filter Driver, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53094
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31170
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Graphics Component, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Code Injection
EUVDB-ID: #VU55714
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34535
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Remote Desktop Client and Hyper-V Viewer. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53090
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31167
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Container Manager Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Information disclosure
EUVDB-ID: #VU53115
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28479
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows CSC Service. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Code Injection
EUVDB-ID: #VU55698
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36947
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows Print Spooler. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Code Injection
EUVDB-ID: #VU55721
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36937
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows Media MPEG-4 Video Decoder. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Code Injection
EUVDB-ID: #VU55700
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36936
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows Print Spooler. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU55712
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36927
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Digital TV Tuner device registration application, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU55731
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34537
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Bluetooth Driver, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Code Injection
EUVDB-ID: #VU52101
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28327
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Procedure Call Runtime. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Information disclosure
EUVDB-ID: #VU52109
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28318
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows GDI+. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Information disclosure
EUVDB-ID: #VU48267
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17000
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by Remote Desktop Protocol Client. A remote user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Information disclosure
EUVDB-ID: #VU48268
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17036
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows Function Discovery SSDP Provider. A local attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Information disclosure
EUVDB-ID: #VU48306
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17029
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Canonical Display Driver. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48280
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17014
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Print Spooler, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48297
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17011
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Port Class Library, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Information disclosure
EUVDB-ID: #VU48337
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17004
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Graphics Component. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48281
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17001
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Print Spooler, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Information disclosure
EUVDB-ID: #VU48266
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16997
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the Remote Desktop Protocol server. A remote authenticated user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Code Injection
EUVDB-ID: #VU48278
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17042
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Print Spooler. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Buffer overflow
EUVDB-ID: #VU47541
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16976
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Backup Service improperly handles file operations. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Buffer overflow
EUVDB-ID: #VU47537
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16975
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Backup Service improperly handles file operations. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Buffer overflow
EUVDB-ID: #VU47538
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16974
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Backup Service improperly handles file operations. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Buffer overflow
EUVDB-ID: #VU47539
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16973
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Backup Service improperly handles file operations. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Buffer overflow
EUVDB-ID: #VU47540
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16972
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Backup Service improperly handles file operations. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48830
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16964
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Backup Engine, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48286
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17038
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Win32k, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48257
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17043
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48832
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16962
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Backup Engine, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Information disclosure
EUVDB-ID: #VU48860
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17140
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows SMB. A remote authenticated attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49422
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1652
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows CSC Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49427
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1649
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Active Template Library, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU51304
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1640
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the Print Spooler service. A local user can create a directory junction and force the Print Spooler service to delete arbitrary files on the system. Successful exploitation of the vulnerability may result in denial of service.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Spoofing attack
EUVDB-ID: #VU53097
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26144
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows Wireless Networking. A remote attacker on the local network can spoof page content.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Spoofing attack
EUVDB-ID: #VU53098
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24588
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows Wireless Networking. A remote attacker on the local network can spoof page content.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Information disclosure
EUVDB-ID: #VU53096
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24587
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Wireless Networking. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Information disclosure
EUVDB-ID: #VU48864
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17098
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows GDI+. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48256
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17044
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48334
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17088
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Common Log File System Driver, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Buffer overflow
EUVDB-ID: #VU48060
Risk: High
CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2020-17087
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privilege son the system.
The vulnerability exists due to a boundary error within the Windows Kernel Cryptography Driver cng.sys, which exposes a "\Device\CNG" device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
Note, this vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
176) Information disclosure
EUVDB-ID: #VU48323
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17069
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows NDIS. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Code Injection
EUVDB-ID: #VU48322
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17068
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows GDI+. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Input validation error
EUVDB-ID: #VU48272
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17047
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Windows Network File System. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Information disclosure
EUVDB-ID: #VU48277
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17045
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows KernelStream. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48831
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16963
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Backup Engine, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48833
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16961
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Backup Engine, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49426
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1654
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows CSC Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Buffer overflow
EUVDB-ID: #VU53114
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26419
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Scripting Engine. A remote administrator can trick a victim to visit a malicious website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Spoofing attack
EUVDB-ID: #VU48338
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-1599
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows. A local attacker can spoof page content.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53123
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31204
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in .NET and Visual Studio, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Input validation error
EUVDB-ID: #VU53881
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31957
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in .NET Core and Visual Studio. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54809
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34477
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Visual Studio Code .NET Runtime, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Buffer overflow
EUVDB-ID: #VU48309
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-17052
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Scripting Engine. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Double Free
EUVDB-ID: #VU50401
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-26411
CWE-ID:
CWE-415 - Double Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing ".mht" files. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
190) Improper input validation
EUVDB-ID: #VU55060
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2341
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Buffer overflow
EUVDB-ID: #VU47596
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16887
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Network Connections Service when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) Improper input validation
EUVDB-ID: #VU55059
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2432
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the JNDI component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU55058
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2369
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in JAR validation implementation. A remote attacker can modify the signed JAR file in a way it will be considered as signed.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) Infinite loop
EUVDB-ID: #VU48579
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28928
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the wcsnrtombs() function in musl libc. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) Improper input validation
EUVDB-ID: #VU55057
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2388
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Improper input validation
EUVDB-ID: #VU55056
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-29921
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Python interpreter and runtime (CPython) component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) Input validation error
EUVDB-ID: #VU47612
Risk: Medium
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16863
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Windows Remote Desktop Service . A remote attacker can run a specially crafted application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) Out-of-bounds read
EUVDB-ID: #VU47602
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16889
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows KernelStream. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48834
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16960
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Backup Engine, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) Buffer overflow
EUVDB-ID: #VU47610
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16924
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Jet Database Engine. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48835
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16959
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Backup Engine, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU48829
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16958
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Backup Engine, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU47623
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16940
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows User Profile Service (ProfSvc) handles junction points. A local user can create a malicious application, launch it on the system and delete files and folders in an elevated context.
To exploit this vulnerability, an attacker would first have to log on to the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) Buffer overflow
EUVDB-ID: #VU47553
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-16939
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when Group Policy improperly checks access. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
205) Buffer overflow
EUVDB-ID: #VU47535
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16936
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Backup Service improperly handles file operations. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) Buffer overflow
EUVDB-ID: #VU47555
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16935
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when Windows improperly handles COM object creation. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) Buffer overflow
EUVDB-ID: #VU47580
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16923
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within Microsoft Graphics Components. A remote attacker can send a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) Out-of-bounds read
EUVDB-ID: #VU47607
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16897
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within NetBIOS over TCP (NBT) Extensions (NetBT). A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) Spoofing attack
EUVDB-ID: #VU47613
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16922
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform spoofing attack.
The vulnerability exists due to Windows incorrectly validates file signatures. A local attacker can spoof page content, bypass security features and load improperly signed files.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU47601
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16920
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows Application Compatibility Client Library handles registry operations. A local user can create a malicious application, launch it on the system and gain elevated privileges.
To exploit the vulnerability, an attacker would first need code execution on a victim system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) Buffer overflow
EUVDB-ID: #VU47554
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16916
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when Windows improperly handles COM object creation. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) Out-of-bounds read
EUVDB-ID: #VU47543
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16914
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory. A local user can use a specially crafted application, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) Buffer overflow
EUVDB-ID: #VU47536
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16912
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Backup Service improperly handles file operations. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU47597
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16902
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A local user can run arbitrary code with elevated system privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Buffer overflow
EUVDB-ID: #VU47552
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16900
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Event System improperly handles objects in memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49423
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1653
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows CSC Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49424
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1655
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows CSC Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) Information disclosure
EUVDB-ID: #VU52166
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28317
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Microsoft Windows Codecs Library. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) Security features bypass
EUVDB-ID: #VU53917
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26414
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to security feature bypass issue in Windows DCOM Server. A remote authenticated attacker can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
220) Information disclosure
EUVDB-ID: #VU51325
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26869
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows ActiveX Installer Service. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
221) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51298
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26862
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Installer, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
222) Code Injection
EUVDB-ID: #VU51331
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26861
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Graphics Component. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
223) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU55729
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26425
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
224) Buffer overflow
EUVDB-ID: #VU55702
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26424
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in tcpip.sys when processing TCP/IP packets sent via IPv6 protocol. A remote Hyper-V guest can send a specially crafted IPv6 ping to the affected Hyper-V host, trigger memory corruption and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
225) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU52104
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-26415
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Installer, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
226) Spoofing attack
EUVDB-ID: #VU52105
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26413
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in the Windows Installer. A local attacker can spoof page content.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
227) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51312
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26873
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows User Profile Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
228) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU50498
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-25195
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows PKU2U, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
229) Information disclosure
EUVDB-ID: #VU51322
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24107
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows Event Tracing. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
230) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU50492
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24103
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
231) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU50491
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24102
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
232) Input validation error
EUVDB-ID: #VU50461
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24094
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Windows TCP/IP. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
233) Input validation error
EUVDB-ID: #VU50476
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24088
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Windows Local Spooler. A remote authenticated attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
234) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51323
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26872
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
235) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51285
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26875
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Win32k, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
236) Input validation error
EUVDB-ID: #VU50484
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24083
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Windows Address Book. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
237) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU52158
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27091
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the RPC Endpoint Mapper Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
238) Security features bypass
EUVDB-ID: #VU52165
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28316
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to security feature bypass issue in Windows WLAN AutoConfig Service. An attacker with physical access can gain access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
239) Code Injection
EUVDB-ID: #VU52130
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28315
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows Media Video Decoder. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
240) Information disclosure
EUVDB-ID: #VU52153
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28309
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows Kernel. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
241) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU52073
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27096
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in NTFS, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
242) Code Injection
EUVDB-ID: #VU52129
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27095
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Windows Media Video Decoder. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
243) Information disclosure
EUVDB-ID: #VU52154
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27093
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows Kernel. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
244) Code Injection
EUVDB-ID: #VU52156
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27089
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Microsoft Internet Messaging API. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
245) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51303
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26878
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Print Spooler, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
246) Untrusted Pointer Dereference
EUVDB-ID: #VU51284
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27077
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to untrusted pointer dereference in multiple functions within win32kfull.sys driver. A local user can run a specially crafted program to trigger untrusted pointer dereference and execute arbitrary code with SYSTEM privileges.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
247) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51321
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26901
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
248) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51302
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26899
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows UPnP Device Host, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
249) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51320
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26898
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
250) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51314
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26887
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Microsoft Windows Folder Redirection, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
251) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51308
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-26882
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Remote Access API, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
252) Code Injection
EUVDB-ID: #VU51307
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26881
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Microsoft Windows Media Foundation. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
253) Input validation error
EUVDB-ID: #VU50460
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-24086
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Windows TCP/IP. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
254) Input validation error
EUVDB-ID: #VU50482
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24080
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Windows Trust Verification API. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
255) Information disclosure
EUVDB-ID: #VU49434
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-1656
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in TPM Device Driver. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
256) Input validation error
EUVDB-ID: #VU49450
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1666
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Remote Procedure Call Runtime. A remote authenticated attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
257) Code Injection
EUVDB-ID: #VU54508
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-1675
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the Windows Print Spooler service. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, this is a description of the original vulnerability fixed by Microsoft on June 9, 2021. A different vulnerability than #VU53886 (CVE-2021-34527) for which an exploit was made publicly available.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
258) Security Features
EUVDB-ID: #VU49482
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1674
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to security feature bypass issue in Windows Remote Desktop Protocol Core. A remote authenticated attacker can gain unauthorized access to the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
259) Input validation error
EUVDB-ID: #VU49457
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1673
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Remote Procedure Call Runtime. A remote authenticated attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
260) Input validation error
EUVDB-ID: #VU49456
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1671
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Remote Procedure Call Runtime. A remote authenticated attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
261) Input validation error
EUVDB-ID: #VU49464
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1668
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft DTV-DVD Video Decoder. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
262) Input validation error
EUVDB-ID: #VU49455
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1667
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Remote Procedure Call Runtime. A remote authenticated attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
263) Input validation error
EUVDB-ID: #VU49463
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1665
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in GDI+. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
264) Information disclosure
EUVDB-ID: #VU49487
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1678
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within the NTLM implementation in Microsoft Windows. A remote attacker can trick the victim to follow a specially crafted link and gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
265) Input validation error
EUVDB-ID: #VU49454
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1664
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Remote Procedure Call Runtime. A remote authenticated attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
266) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49465
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1661
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Installer, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
267) Input validation error
EUVDB-ID: #VU49452
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1660
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Remote Procedure Call Runtime. A remote authenticated attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
268) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49425
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1659
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows CSC Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
269) Input validation error
EUVDB-ID: #VU49451
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1658
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Remote Procedure Call Runtime. A remote authenticated attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
270) Input validation error
EUVDB-ID: #VU49468
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1657
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Windows Fax Compose Form. A remote authenticated attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
271) Information disclosure
EUVDB-ID: #VU49478
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1676
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows NT Lan Manager Datagram Receiver Driver. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
272) Input validation error
EUVDB-ID: #VU49445
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1679
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Windows CryptoAPI. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
273) Input validation error
EUVDB-ID: #VU50479
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24077
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Windows Fax Service. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
274) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49477
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1706
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows LUAFV, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
275) Input validation error
EUVDB-ID: #VU50459
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24074
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Windows TCP/IP. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
276) Information disclosure
EUVDB-ID: #VU50497
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1734
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Remote Procedure Call. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
277) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU50504
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-1727
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Installer, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
278) Input validation error
EUVDB-ID: #VU50480
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1722
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Windows Fax Service. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
279) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49405
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1709
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
280) Information disclosure
EUVDB-ID: #VU49406
Risk: Medium
CVSSv3.1: 5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1708
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote authenticated attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
281) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49458
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1702
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Remote Procedure Call Runtime, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
282) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49420
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1688
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows CSC Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
283) Input validation error
EUVDB-ID: #VU49449
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1701
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Remote Procedure Call Runtime. A remote authenticated attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
284) Input validation error
EUVDB-ID: #VU49447
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1700
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Remote Procedure Call Runtime. A remote authenticated attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
285) Information disclosure
EUVDB-ID: #VU49480
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-1699
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows (modem.sys). A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
286) Information disclosure
EUVDB-ID: #VU49408
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1696
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Graphics Component. A local attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
287) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49438
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1695
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Print Spooler, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
288) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49437
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1694
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker on the local network to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows Update Stack, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
289) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49421
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1693
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Windows CSC Service, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsSolutions Enabler Virtual Appliance: before 9.2.2.0
Solutions Enabler: before 9.2.2.0
Unisphere for PowerMax Virtual Appliance: before 9.2.2.2
Unisphere for PowerMax: before 9.2.2.2
External linkshttp://www.dell.com/support/kbdoc/en-us/000191079/draft
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
