{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-34397","assignerOrgId":"c550e75a-17ff-4988-97f0-544cde3820fe","state":"PUBLISHED","assignerShortName":"dell","dateReserved":"2022-06-23T18:55:17.096Z","datePublished":"2023-02-13T09:06:03.573Z","dateUpdated":"2025-03-21T14:49:28.192Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Unisphere for PowerMax","vendor":"Dell","versions":[{"lessThan":"10.0.0.5","status":"affected","version":"0","versionType":"custom"}]}],"datePublic":"2023-01-04T06:30:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.</span>\n\n"}],"value":"\nDell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":6.9,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-863","description":"CWE-863: Incorrect Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"c550e75a-17ff-4988-97f0-544cde3820fe","shortName":"dell","dateUpdated":"2023-05-31T05:03:28.028Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T09:07:16.297Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-21T14:49:21.304023Z","id":"CVE-2022-34397","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-21T14:49:28.192Z"}}]}}