CVE-2020-5345

MEDIUM

Dell Emc Unisphere For Powermax < 9.1.0.17 - Missing Authorization

Title source: rule

Description

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

References (1)

[Vendor Advisory] https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance

Scores

CVSS v3 6.4

EPSS 0.0046

EPSS Percentile 64.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Details

CWE

CWE-862 CWE-602

Status published

Products (3)

dell/emc_unisphere_for_powermax < 9.1.0.17

dell/emc_unisphere_for_powermax_virtual_appliance < 9.1.0.17

dell/powermax_os 5978

Published Jun 23, 2020

Tracked Since Feb 18, 2026