Filtered by vendor Dell
Subscribe
Search
Total
231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11048 | 1 Dell | 2 Emc Data Protection Advisor, Emc Integrated Data Protection Appliance | 2020-12-08 | 5.5 MEDIUM | 8.1 HIGH |
| Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request. | |||||
| CVE-2016-0911 | 1 Dell | 1 Emc Data Domain Os | 2020-12-07 | 7.2 HIGH | 8.2 HIGH |
| EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges. | |||||
| CVE-2019-3767 | 1 Dell | 1 Imageassist | 2020-10-16 | 1.9 LOW | 8.2 HIGH |
| Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems. | |||||
| CVE-2019-3763 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2020-10-16 | 2.1 LOW | 7.8 HIGH |
| The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks. | |||||
| CVE-2019-18575 | 1 Dell | 1 Command\|configure | 2020-10-16 | 6.6 MEDIUM | 7.1 HIGH |
| Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system. | |||||
| CVE-2020-5386 | 1 Dell | 1 Emc Elastic Cloud Storage | 2020-09-11 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system. | |||||
| CVE-2020-5369 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2020-09-11 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files. | |||||
| CVE-2019-3759 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2020-08-31 | 5.5 MEDIUM | 8.1 HIGH |
| The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system. | |||||
| CVE-2019-18573 | 1 Dell | 1 Rsa Identity Governance And Lifecycle | 2020-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session. | |||||
| CVE-2019-3760 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2020-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application. | |||||
| CVE-2020-5385 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2020-08-26 | 7.2 HIGH | 7.8 HIGH |
| Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. | |||||
| CVE-2018-15766 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified. | |||||
| CVE-2019-3735 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine. | |||||
| CVE-2019-3742 | 1 Dell | 1 Digital Delivery | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges. | |||||
| CVE-2019-3744 | 1 Dell | 1 Digital Delivery | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges. | |||||
| CVE-2019-3721 | 1 Dell | 1 Emc Openmanage Server Administrator | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system. | |||||
| CVE-2018-11072 | 1 Dell | 1 Digital Delivery | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges. | |||||
| CVE-2018-1238 | 1 Dell | 1 Emc Scaleio | 2020-08-24 | 8.5 HIGH | 7.5 HIGH |
| Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. | |||||
| CVE-2020-5374 | 1 Dell | 2 Emc Omimssc For Sccm, Emc Omimssc For Scvmm | 2020-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices. | |||||
| CVE-2020-5373 | 1 Dell | 2 Emc Omimssc For Sccm, Emc Omimssc For Scvmm | 2020-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device. | |||||
| CVE-2020-5371 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2020-07-14 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files. | |||||
| CVE-2020-5368 | 1 Dell | 4 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 1 more | 2020-07-13 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form. | |||||
| CVE-2020-5372 | 1 Dell | 10 Emc Powerstore 1000, Emc Powerstore 1000 Firmware, Emc Powerstore 3000 and 7 more | 2020-07-13 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment. | |||||
| CVE-2020-5352 | 1 Dell | 1 Emc Data Protection Advisor | 2020-07-13 | 9.0 HIGH | 8.8 HIGH |
| Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system. | |||||
| CVE-2020-5367 | 1 Dell | 3 Emc Unisphere For Powermax, Emc Unisphere For Powermax Virtual Appliance, Powermax Os | 2020-07-02 | 6.8 MEDIUM | 8.1 HIGH |
| Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. | |||||
| CVE-2020-5358 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2020-06-22 | 7.2 HIGH | 7.8 HIGH |
| Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. | |||||
| CVE-2020-5365 | 1 Dell | 1 Emc Isilon Onefs | 2020-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable. | |||||
| CVE-2020-5364 | 1 Dell | 1 Emc Isilon Onefs | 2020-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. | |||||
| CVE-2020-5343 | 1 Dell | 1 Os Recovery Image For Microsoft Windows 10 | 2020-05-08 | 7.2 HIGH | 7.8 HIGH |
| Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder. | |||||
| CVE-2020-5350 | 1 Dell | 1 Emc Integrated Data Protection Appliance | 2020-04-23 | 9.0 HIGH | 7.2 HIGH |
| Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component. | |||||
| CVE-2020-5330 | 1 Dell | 10 Pc5500, Pc5500 Firmware, R1-2210 and 7 more | 2020-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints. | |||||
| CVE-2020-5348 | 1 Dell | 2 Latitude 7202, Latitude 7202 Firmware | 2020-04-06 | 7.2 HIGH | 7.8 HIGH |
| Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode. | |||||
| CVE-2020-5347 | 1 Dell | 1 Emc Isilon Onefs | 2020-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses. | |||||
| CVE-2019-3762 | 1 Dell | 2 Emc Data Protection Central, Emc Integrated Data Protection Appliance | 2020-03-27 | 5.0 MEDIUM | 7.5 HIGH |
| Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data. | |||||
| CVE-2019-18581 | 1 Dell | 6 Emc Data Protection Advisor, Emc Idpa Dp4400, Emc Idpa Dp5800 and 3 more | 2020-03-24 | 9.0 HIGH | 7.2 HIGH |
| Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system. | |||||
| CVE-2019-18582 | 1 Dell | 6 Emc Data Protection Advisor, Emc Idpa Dp4400, Emc Idpa Dp5800 and 3 more | 2020-03-24 | 9.0 HIGH | 7.2 HIGH |
| Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user runs the DPA service on the affected system. | |||||
| CVE-2020-5342 | 1 Dell | 1 Digital Delivery | 2020-03-10 | 7.2 HIGH | 7.8 HIGH |
| Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system. | |||||
| CVE-2020-5319 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Xt Operating Environment, Emc Unityvsa Operating Environment | 2020-02-12 | 7.8 HIGH | 7.5 HIGH |
| Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence. | |||||
| CVE-2020-5318 | 1 Dell | 1 Emc Isilon Onefs | 2020-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication. | |||||
| CVE-2019-3751 | 1 Dell | 1 Emc Enterprise Copy Data Management | 2020-02-10 | 5.8 MEDIUM | 7.4 HIGH |
| Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. | |||||
| CVE-2019-3741 | 1 Dell | 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment | 2020-02-10 | 2.1 LOW | 7.8 HIGH |
| Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user. | |||||
| CVE-2015-0949 | 2 Dell, Hp | 4 Latitude E6430, Latitude E6430 Firmware, Elitebook 850 G1 and 1 more | 2020-02-06 | 4.6 MEDIUM | 7.8 HIGH |
| The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory. | |||||
| CVE-2016-8211 | 1 Dell | 1 Emc Data Protection Advisor | 2020-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-8001 | 2 Dell, Linux | 2 Emc Scaleio, Linux Kernel | 2019-11-14 | 2.1 LOW | 8.4 HIGH |
| An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. | |||||
| CVE-2019-3765 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2019-10-17 | 5.5 MEDIUM | 8.1 HIGH |
| Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place. | |||||
| CVE-2019-3745 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2019-10-11 | 6.9 MEDIUM | 7.3 HIGH |
| The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator. | |||||
| CVE-2019-3718 | 1 Dell | 1 Supportassist | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems. | |||||
| CVE-2019-3722 | 1 Dell | 1 Emc Openmanage Server Administrator | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request. | |||||
| CVE-2019-3712 | 1 Dell | 2 Windows Embedded Standard Wyse Device Agent, Wyse Thinlinux Hagent | 2019-10-09 | 8.3 HIGH | 8.8 HIGH |
| Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed. | |||||
| CVE-2019-3746 | 1 Dell | 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system. | |||||