VYPR

XtremIO X2 XMS

by Dell

CVEs (4)

  • CVE-2019-18578CriMar 13, 2020
    risk 0.59cvss 9.0epss 0.01

    Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the…

  • CVE-2022-34453HigAug 3, 2023
    risk 0.49cvss 7.6epss 0.00

    Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.

  • CVE-2019-18577MedMar 13, 2020
    risk 0.44cvss 6.7epss 0.00

    Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access.

  • CVE-2019-18576MedMar 13, 2020
    risk 0.44cvss 6.7epss 0.00

    Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of…