Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Solutions_enabler | Dell | * | 9.1.0.18 (excluding) |
| Solutions_enabler | Dell | 9.2.0.0 (including) | 9.2.3.0 (excluding) |
| Solutions_enabler_virtual_appliance | Dell | * | 9.1.0.18 (excluding) |
| Solutions_enabler_virtual_appliance | Dell | 9.2.0.0 (including) | 9.2.3.0 (excluding) |
| Unisphere_360 | Dell | * | 9.1.0.29 (excluding) |
| Unisphere_360 | Dell | 9.2.0.0 (including) | 9.2.3.3 (excluding) |
| Unisphere_for_powermax | Dell | * | 9.1.0.31 (excluding) |
| Unisphere_for_powermax | Dell | 9.2.0.0 (including) | 9.2.3.4 (excluding) |
| Unisphere_for_powermax_virtual_appliance | Dell | * | 9.1.0.31 (excluding) |
| Unisphere_for_powermax_virtual_appliance | Dell | 9.2.0.0 (including) | 9.2.3.4 (excluding) |
| Vasa | Dell | * | 9.1.0.723 (excluding) |
| Vasa | Dell | 9.2.0.0 (including) | 9.2.3.0 (excluding) |
| Powermax_os | Dell | 5978 (including) | 5978 (including) |