XtremIO
by Dell
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-18578 | Cri | 0.59 | 9.0 | 0.01 | Mar 13, 2020 | Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the… | ||
| CVE-2025-30105 | Hig | 0.57 | 8.8 | 0.00 | Jul 30, 2025 | Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed… | ||
| CVE-2025-26332 | Hig | 0.57 | 8.8 | 0.00 | Jul 30, 2025 | TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may… | ||
| CVE-2021-21549 | Hig | 0.57 | 8.8 | 0.00 | May 21, 2021 | Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to… | ||
| CVE-2022-31228 | Hig | 0.53 | 8.1 | 0.01 | Oct 12, 2022 | Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account. | ||
| CVE-2022-34453 | Hig | 0.49 | 7.6 | 0.00 | Aug 3, 2023 | Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default. | ||
| CVE-2019-18577 | Med | 0.44 | 6.7 | 0.00 | Mar 13, 2020 | Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access. | ||
| CVE-2019-18576 | Med | 0.44 | 6.7 | 0.00 | Mar 13, 2020 | Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of… |
- risk 0.59cvss 9.0epss 0.01
Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the…
- risk 0.57cvss 8.8epss 0.00
Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed…
- risk 0.57cvss 8.8epss 0.00
TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may…
- risk 0.57cvss 8.8epss 0.00
Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to…
- risk 0.53cvss 8.1epss 0.01
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account.
- risk 0.49cvss 7.6epss 0.00
Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.
- risk 0.44cvss 6.7epss 0.00
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access.
- risk 0.44cvss 6.7epss 0.00
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of…