VYPR

UnityVSA

by Dell

CVEs (21)

  • CVE-2018-1251HigSep 28, 2018
    risk 0.54cvss 8.3epss 0.02

    Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a…

  • CVE-2022-29084HigJun 2, 2022
    risk 0.53cvss 8.1epss 0.02

    Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as…

  • CVE-2025-24386HigMar 28, 2025
    risk 0.51cvss 7.8epss 0.01

    Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution…

  • CVE-2019-3741HigJul 18, 2019
    risk 0.51cvss 7.8epss 0.00

    Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local…

  • CVE-2018-11064HigOct 5, 2018
    risk 0.51cvss 7.8epss 0.00

    Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools…

  • CVE-2020-29490HigJan 5, 2021
    risk 0.49cvss 7.5epss 0.01

    Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by…

  • CVE-2020-5319HigFeb 6, 2020
    risk 0.49cvss 7.5epss 0.01

    Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit…

  • CVE-2022-29085MedJun 2, 2022
    risk 0.42cvss 6.4epss 0.00

    Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user…

  • CVE-2021-21591MedJul 12, 2021
    risk 0.42cvss 6.4epss 0.00

    Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

  • CVE-2021-21590MedJul 12, 2021
    risk 0.42cvss 6.4epss 0.00

    Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

  • CVE-2021-21547MedApr 30, 2021
    risk 0.42cvss 6.4epss 0.00

    Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious…

  • CVE-2020-29489MedJan 5, 2021
    risk 0.42cvss 6.4epss 0.00

    Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with…

  • CVE-2020-26199MedJan 5, 2021
    risk 0.42cvss 6.4epss 0.00

    Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker…

  • CVE-2018-1250MedSep 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing…

  • CVE-2021-43589MedJan 24, 2022
    risk 0.39cvss 6.0epss 0.00

    Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of…

  • CVE-2021-21589MedJul 12, 2021
    risk 0.37cvss 5.7epss 0.00

    Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges.

  • CVE-2022-29091MedMay 26, 2022
    risk 0.35cvss 5.3epss 0.01

    Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or…

  • CVE-2019-3734MedJul 18, 2019
    risk 0.35cvss 5.4epss 0.01

    Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota configuration of other users.

  • CVE-2019-3754MedSep 3, 2019
    risk 0.31cvss 4.7epss 0.01

    Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated…

  • CVE-2018-1246MedSep 28, 2018
    risk 0.31cvss 4.7epss 0.01

    Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then…

Page 1 of 2