Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 141 |
CVE-ID | CVE-2022-21873 CVE-2022-21867 CVE-2022-21868 CVE-2022-21869 CVE-2022-21870 CVE-2022-21871 CVE-2022-21872 CVE-2022-21874 CVE-2022-21865 CVE-2022-21875 CVE-2022-21876 CVE-2022-21877 CVE-2022-21878 CVE-2022-21879 CVE-2022-21880 CVE-2022-21866 CVE-2022-21864 CVE-2022-21882 CVE-2022-21851 CVE-2022-21838 CVE-2022-21839 CVE-2022-21843 CVE-2022-21848 CVE-2022-21849 CVE-2022-21850 CVE-2022-21852 CVE-2022-21863 CVE-2022-21857 CVE-2022-21858 CVE-2022-21859 CVE-2022-21860 CVE-2022-21861 CVE-2022-21862 CVE-2022-21881 CVE-2022-21883 CVE-2022-21835 CVE-2022-21924 CVE-2022-21915 CVE-2022-21916 CVE-2022-21918 CVE-2022-21919 CVE-2022-21920 CVE-2022-21922 CVE-2022-21928 CVE-2022-21913 CVE-2022-21958 CVE-2022-21959 CVE-2022-21960 CVE-2022-21961 CVE-2022-21962 CVE-2022-21963 CVE-2022-21914 CVE-2022-21912 CVE-2022-21885 CVE-2022-21895 CVE-2022-21888 CVE-2022-21889 CVE-2022-21890 CVE-2022-21892 CVE-2022-21893 CVE-2022-21894 CVE-2022-21896 CVE-2022-21908 CVE-2022-21897 CVE-2022-21898 CVE-2022-21902 CVE-2022-21903 CVE-2022-21904 CVE-2022-21906 CVE-2022-21907 CVE-2022-21836 CVE-2022-21834 CVE-2021-38631 CVE-2022-21340 CVE-2022-21341 CVE-2022-21248 CVE-2021-22947 CVE-2021-36957 CVE-2021-36976 CVE-2021-38665 CVE-2022-21293 CVE-2021-38666 CVE-2021-41333 CVE-2021-41356 CVE-2021-41366 CVE-2021-41367 CVE-2021-41370 CVE-2022-21294 CVE-2022-21283 CVE-2021-41377 CVE-2022-21305 CVE-2021-36339 CVE-2021-4034 CVE-2021-22959 CVE-2022-21349 CVE-2022-21291 CVE-2022-21277 CVE-2022-21271 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 CVE-2022-21282 CVE-2022-21296 CVE-2022-21299 CVE-2021-41371 CVE-2021-41378 CVE-2022-21833 CVE-2021-43235 CVE-2021-43229 CVE-2021-43230 CVE-2021-43231 CVE-2021-43232 CVE-2021-43233 CVE-2021-43234 CVE-2021-43236 CVE-2021-43227 CVE-2021-43238 CVE-2021-43244 CVE-2021-43247 CVE-2021-43248 CVE-2021-43883 CVE-2021-43893 CVE-2021-43228 CVE-2021-43226 CVE-2021-41379 CVE-2021-42285 CVE-2021-42275 CVE-2021-42276 CVE-2021-42277 CVE-2021-42279 CVE-2021-42280 CVE-2021-42283 
CVE-2021-42288 CVE-2021-43224 CVE-2021-43207 CVE-2021-43215 CVE-2021-43216 CVE-2021-43217 CVE-2021-43219 CVE-2021-43222 CVE-2021-43223 |
CWE-ID | CWE-264 CWE-94 CWE-200 CWE-125 CWE-20 CWE-119 CWE-59 CWE-254 CWE-451 CWE-345 CWE-416 CWE-250 CWE-444 CWE-787 |
Exploitation vector | Network |
Public exploit | Vulnerability #12 is being exploited in the wild. Vulnerability #18 is being exploited in the wild. Public exploit code for vulnerability #34 is available. Vulnerability #41 is being exploited in the wild. Public exploit code for vulnerability #61 is available. Vulnerability #70 is being exploited in the wild. Vulnerability #93 is being exploited in the wild. Public exploit code for vulnerability #121 is available. Public exploit code for vulnerability #122 is available. Vulnerability #124 is being exploited in the wild. Vulnerability #125 is being exploited in the wild. Public exploit code for vulnerability #134 is available. |
Vulnerable software | VASA Provider Standalone (Other software / Other software solutions); Solutions Enabler (Other software / Other software solutions); Unisphere 360 (Other software / Other software solutions); Unisphere for PowerMax Virtual Appliance (Other software / Other software solutions); Unisphere for PowerMax (Other software / Other software solutions); Solutions Enabler Virtual Appliance (Server applications / Virtualization software) |
Vendor | Dell |
Security Bulletin
This security bulletin contains information about 141 vulnerabilities.
EUVDB-ID: #VU59486
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21873
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Tile Data Repository, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59497
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21867
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Push Notifications Apps, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59495
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21868
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Devices Human Interface, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59493
Risk: Low
CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21869
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Clipboard User Service, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59492
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21870
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Tablet Windows User Interface Application Core, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59490
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21871
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Microsoft Diagnostics Hub Standard Collector Runtime, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59488
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21872
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59451
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-21874
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Security Center API. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59500
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21865
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Connected Devices Platform Service, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59485
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21875
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Storage, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59414
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21876
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Win32k. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59517
Risk: Low
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2022-21877
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Storage Spaces Controller (spaceport.sys driver). A local user can run a specially crafted program to trigger an out-of-bounds read error and read contents of memory with SYSTEM privileges.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU59518
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-21878
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Geolocation Service. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59482
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21879
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Windows kernel. A local user can run a specially crafted program to read contents of memory on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59401
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21880
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows GDI+. A remote attacker can gain unauthorized access to sensitive information on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59499
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21866
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows System Launcher, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59502
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21864
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows UI Immersive Server API, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59413
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2022-21882
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Win32k.sys driver. A local user can run a specially crafted program to trigger a buffer overflow and execute arbitrary code on the system with elevated privileges.
Note that the vulnerability is being actively exploited in the wild.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU59506
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-21851
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing PDU (Server RDP Preconnection) requests in the client's drive redirection virtual channel in Remote Desktop Client. A remote attacker can trick the victim into connecting to a malicious RDP server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59472
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21838
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a link following issue within the SilentCleanup scheduled task. A local user can create a specially crafted symbolic link to critical folders on the system and force the task to delete the folder.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59475
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21839
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Windows Event Tracing Discretionary Access Control List. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59408
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21843
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Windows IKE Extension. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59406
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21848
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Windows IKE Extension. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59405
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-21849
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows IKE Extension. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59507
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-21850
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Remote Desktop Client. A remote attacker can trick the victim into connecting to a malicious RDP server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59419
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21852
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows DWM Core Library, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59505
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21863
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows StateRepository API Server file, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59478
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21857
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Active Directory Domain Services, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59481
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21858
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Bind Filter Driver, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59515
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21859
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Accounts Control, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59484
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21860
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows AppContracts API Server, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59510
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21861
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Task Flow Data Engine, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59509
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21862
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Application Model Core API, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59483
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2022-21881
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Windows kernel. A local user can run a specially crafted program to trigger a buffer overflow and execute arbitrary code with elevated privileges.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU59407
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21883
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Windows IKE Extension. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59470
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21835
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Microsoft Cryptographic Services, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59516
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21924
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in the Workstation Service. A remote attacker can trick the victim into initiating a connection to the malicious host and gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59400
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21915
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows GDI+. A remote authenticated attacker can gain unauthorized access to sensitive information on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59504
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21916
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59395
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21918
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in DirectX Graphics Kernel File. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59512
Risk: Low
CVSSv4.0: 7.3 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2022-21919
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU59402
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21920
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Kerberos, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59501
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21922
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Microsoft Windows RPC service. A remote authenticated user can send specially crafted data through the RPC runtime, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59390
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21928
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Resilient File System (ReFS). An authenticated attacker with physical access can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59513
Risk: Medium
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21913
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an unspecified error in Local Security Authority (Domain Policy). A remote attacker can trick the victim into initiating a connection with a malicious system and gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59389
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21958
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Resilient File System (ReFS). An attacker with physical access can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59388
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21959
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Resilient File System (ReFS). An attacker with physical access can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59387
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21960
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Resilient File System (ReFS). An attacker with physical access can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59386
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21961
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Resilient File System (ReFS). An attacker with physical access can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59385
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21962
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Resilient File System (ReFS). An attacker with physical access can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59384
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21963
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Resilient File System (ReFS). An attacker with physical access can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59436
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21914
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Remote Access Connection Manager, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59393
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21912
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in DirectX Graphics Kernel. A local user can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59438
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21885
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Remote Access Connection Manager, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59511
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21895
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Windows User Profile Service. A local user can execute arbitrary code with elevated privileges.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59426
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-21888
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Modern Execution Server. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59404
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21889
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Windows IKE Extension. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59403
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21890
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Windows IKE Extension. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59391
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21892
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Resilient File System (ReFS). An attacker with physical access can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59415
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-21893
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Desktop Protocol. A remote attacker can trick a victim into connecting to a malicious RDP server and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59498
Risk: Low
CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2022-21894
CWE-ID:
CWE-254 - Security Features
Exploit availability: Yes
Description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to an error in Secure Boot implementation. A local user can bypass implemented security restrictions.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU59418
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21896
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows DWM Core Library, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59397
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21908
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Installer, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59503
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21897
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Windows Common Log File System Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59394
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21898
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in DirectX Graphics Kernel. A local user can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59416
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21902
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows DWM Core Library, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59399
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21903
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows GDI, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59398
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21904
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows GDI. A remote attacker can gain unauthorized access to sensitive information on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59479
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21906
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper input validation in Windows Defender Application Control. A remote attacker can pass a specially crafted file to the system and bypass implemented security restrictions.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59392
Risk: Critical
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2022-21907
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the HTTP Trailer Support feature in HTTP Protocol Stack (http.sys). A remote attacker can send a specially crafted HTTP request to the web server, trigger a buffer overflow and execute arbitrary code on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU59471
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21836
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a local user to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows Certificate. A local user can spoof page content.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59469
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21834
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows User-mode Driver Framework Reflector Driver, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58047
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-38631
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Remote Desktop Protocol (RDP). A local administrator can gain unauthorized access to sensitive information on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59732
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21340
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59733
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21341
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59734
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21248
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56615
Risk: Medium
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-22947
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists in the way libcurl handles the STARTTLS negotiation process. When curl connects to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to upgrade the connection to TLS level, the server can still respond and send back multiple responses before the TLS upgrade. Such multiple "pipelined" responses are cached by curl. curl would then upgrade to TLS but not flush the in-queue of cached responses and instead use and trust the responses it got before the TLS handshake as if they were authenticated.
This flaw allows a man-in-the-middle attacker to first inject the fake responses, then pass through the TLS traffic from the legitimate server and trick curl into sending data back to the user, who believes the attacker's injected data comes from the TLS-protected server.
Over POP3 and IMAP an attacker can inject fake response data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58066
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-36957
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Desktop Bridge, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59459
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-36976
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in copy_string. A remote attacker can cause a denial of service condition on the target system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58022
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-38665
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Remote Desktop Protocol Client. A remote attacker can gain unauthorized access to sensitive information on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59730
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21293
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58023
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-38666
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Desktop Client. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58925
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-41333
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Print Spooler, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58072
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-41356
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Windows. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58065
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-41366
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Credential Security Support Provider Protocol (CredSSP), which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58026
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-41367
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in NTFS, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58025
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-41370
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in NTFS, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59731
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21294
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59729
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21283
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58062
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-41377
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Fast FAT File System Driver, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59720
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21305
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69272
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-36339
CWE-ID:
CWE-250 - Execution with Unnecessary Privileges
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because an application binary has the setuid bit set. A local low-privileged user can run the affected binary to get privileged access to the virtual appliance.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60007
Risk: Medium
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2021-4034
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper handling of the calling parameters count in the pkexec setuid binary, which causes the binary to execute environment variables as commands. A local user can craft environment variables in a way that they will be processed and executed by pkexec and execute arbitrary commands on the system as root.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU59233
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-22959
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests, where the application accepts requests with a space right after the header name before the colon. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of this vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59718
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21349
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the 2D component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59719
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21291
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59721
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21277
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the ImageIO component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59728
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21271
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59722
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21360
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the ImageIO component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59723
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21365
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the ImageIO component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59724
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21366
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the ImageIO component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59725
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21282
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the JAXP component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59726
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21296
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the JAXP component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59727
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21299
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the JAXP component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58048
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-41371
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Remote Desktop Protocol (RDP). A local administrator can gain unauthorized access to sensitive information on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58027
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-41378
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows NTFS. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59467
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21833
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Virtual Machine IDE Drive, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58965
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43235
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Storage Spaces Controller. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58929
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43229
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows NTFS, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58928
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43230
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows NTFS, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58927
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43231
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows NTFS, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58967
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-43232
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Event Tracing. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58968
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-43233
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Remote Desktop Client. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58969
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-43234
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows Fax Service. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58961
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-43236
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Microsoft Message Queuing. A remote attacker can gain unauthorized access to sensitive information on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58964
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43227
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Storage Spaces Controller. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58970
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43238
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Remote Access, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58941
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43244
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Kernel. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58943
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43247
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows TCP/IP Driver, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58944
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43248
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Digital Media Receiver, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58951
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2021-43883
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Installer, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU58952
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2021-43893
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
Description
The vulnerability allows a remote authenticated attacker to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Encrypting File System (EFS), which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU58966
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-43228
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in SymCrypt. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58931
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2021-43226
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Common Log File System Driver, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU58061
Risk: Low
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2021-41379
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Installer, which leads to security restrictions bypass and deletion of targeted files on a system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU58039
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-42285
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Kernel, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58059
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-42275
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Microsoft COM for Windows. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58057
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-42276
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Microsoft Windows Media Foundation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58032
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-42277
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Diagnostics Hub Standard Collector. A local user can delete targeted files on a system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58056
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-42279
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Chakra Scripting Engine. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-42280
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Feedback Hub, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58024
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-42283
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in NTFS, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
CPE2.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58073
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-42288
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description:
The vulnerability allows a local attacker to bypass the authentication process.
The vulnerability exists due to a security feature bypass issue in Windows Hello. An attacker with physical access can bypass the target application.
Mitigation:
Install the update from the vendor's website.
Vulnerable software versions:
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58932
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2021-43224
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
Description:
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the Windows Common Log File System Driver. A local user can gain unauthorized access to sensitive information on the system.
Mitigation:
Install the update from the vendor's website.
Vulnerable software versions:
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU58930
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43207
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in the Windows Common Log File System Driver, which leads to security restrictions bypass and privilege escalation.
Mitigation:
Install the update from the vendor's website.
Vulnerable software versions:
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58957
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-43215
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in iSNS Server. A remote attacker can send a specially crafted request, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation:
Install the update from the vendor's website.
Vulnerable software versions:
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58958
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-43216
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description:
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Microsoft Local Security Authority Server (lsasrv). A remote authenticated attacker can gain unauthorized access to sensitive information on the system.
Mitigation:
Install the update from the vendor's website.
Vulnerable software versions:
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58953
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-43217
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description:
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Windows Encrypting File System (EFS). A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation:
Install the update from the vendor's website.
Vulnerable software versions:
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58959
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43219
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in DirectX Graphics Kernel File. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation:
Install the update from the vendor's website.
Vulnerable software versions:
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58960
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-43222
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description:
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Microsoft Message Queuing. A remote attacker can gain unauthorized access to sensitive information on the system.
Mitigation:
Install the update from the vendor's website.
Vulnerable software versions:
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58962
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43223
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Windows Remote Access Connection Manager, which leads to security restrictions bypass and privilege escalation.
Mitigation:
Install the update from the vendor's website.
Vulnerable software versions:
VASA Provider Standalone: before 9.1.0.724
Solutions Enabler Virtual Appliance: before 9.1.0.19
Solutions Enabler: before 9.1.0.19
Unisphere 360: before 9.1.0.30
Unisphere for PowerMax Virtual Appliance: before 9.1.0.32
Unisphere for PowerMax: before 9.1.0.32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.