CVE-2022-22557

HIGH

PowerStore <2.0.1.x - Info Disclosure

Title source: llm

Description

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

References (1)

[Vendor Advisory] https://www.dell.com/support/kbdoc/000196367

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 11.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-522 CWE-256

Status published

Affected Products (1)

dell/powerstoreos < 2.1.0.0

Timeline

Published Jun 02, 2022

Tracked Since Feb 18, 2026