VYPR

Storage Manager

by Dell

CVEs (12)

  • CVE-2017-14374CriDec 6, 2017
    risk 0.64cvss 9.8epss 0.01

    The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and…

  • CVE-2017-10949HigAug 4, 2017
    risk 0.49cvss 7.5epss 0.05

    Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.

  • CVE-2017-14384MedMar 16, 2018
    risk 0.42cvss 6.5epss 0.02

    In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in…

  • CVE-2025-43994Oct 24, 2025
    risk 0.00cvss epss 0.01

    Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

  • CVE-2025-43995Oct 24, 2025
    risk 0.00cvss epss 0.01

    Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM…

  • CVE-2025-46425Oct 24, 2025
    risk 0.00cvss epss 0.00

    Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

  • CVE-2025-22476May 6, 2025
    risk 0.00cvss epss 0.01

    Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability,…

  • CVE-2025-22477May 6, 2025
    risk 0.00cvss epss 0.00

    Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.

  • CVE-2025-22478May 6, 2025
    risk 0.00cvss epss 0.00

    Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information…

  • CVE-2025-22479May 6, 2025
    risk 0.00cvss epss 0.00

    Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability,…

  • CVE-2025-23379May 6, 2025
    risk 0.00cvss epss 0.00

    Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this…

  • CVE-2019-0121Mar 14, 2019
    risk 0.00cvss epss 0.00

    Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.