Details of VAR-202301-0467

ID

VAR-202301-0467

CVE

CVE-2022-34397

TITLE

Vulnerabilities in multiple Dell products

Trust: 0.8

sources: JVNDB: JVNDB-2022-019573

DESCRIPTION

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized. Dell's eVASA Provider Virtual Appliance , Solutions Enabler Virtual Appliance , Dell Unisphere for PowerMax Virtual Appliance Exists in unspecified vulnerabilities.Information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-34397 // JVNDB: JVNDB-2022-019573 // VULHUB: VHN-426713 // VULMON: CVE-2022-34397

AFFECTED PRODUCTS

vendor:	dell	model:	unisphere for powermax virtual appliance	scope:	lt	version:	9.2.3.22	Trust: 1.0
vendor:	dell	model:	unisphere for powermax virtual appliance	scope:	lt	version:	9.2.4.26	Trust: 1.0
vendor:	dell	model:	solutions enabler virtual appliance	scope:	lt	version:	9.2.4.26	Trust: 1.0
vendor:	dell	model:	evasa provider virtual appliance	scope:	lt	version:	9.2.4.15	Trust: 1.0
vendor:	dell	model:	solutions enabler virtual appliance	scope:	lt	version:	9.2.3.6	Trust: 1.0
vendor:	デル	model:	solutions enabler virtual appliance	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell unisphere for powermax virtual appliance	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	evasa provider virtual appliance	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019573 // NVD: CVE-2022-34397

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34397
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2022-34397
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-34397
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202301-408
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-34397
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-34397
baseSeverity:	MEDIUM
baseScore:	6.9
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	4.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34397
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019573 // CNNVD: CNNVD-202301-408 // NVD: CVE-2022-34397 // NVD: CVE-2022-34397

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-426713 // JVNDB: JVNDB-2022-019573 // NVD: CVE-2022-34397

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202301-408

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-408

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34397	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-019573	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-408	Trust: 0.6
db:	VULHUB	id:	VHN-426713	Trust: 0.1
db:	VULMON	id:	CVE-2022-34397	Trust: 0.1

sources: VULHUB: VHN-426713 // VULMON: CVE-2022-34397 // JVNDB: JVNDB-2022-019573 // CNNVD: CNNVD-202301-408 // NVD: CVE-2022-34397

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34397	Trust: 0.8
url:	https://vigilance.fr/vulnerability/dell-unisphere-for-powermax-three-vulnerabilities-40225	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-34397/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-34397	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-426713 // VULMON: CVE-2022-34397 // JVNDB: JVNDB-2022-019573 // CNNVD: CNNVD-202301-408 // NVD: CVE-2022-34397

SOURCES

db:	VULHUB	id:	VHN-426713
db:	VULMON	id:	CVE-2022-34397
db:	JVNDB	id:	JVNDB-2022-019573
db:	CNNVD	id:	CNNVD-202301-408
db:	NVD	id:	CVE-2022-34397

LAST UPDATE DATE

2024-08-14T14:30:47.980000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426713	date:	2023-02-24T00:00:00
db:	VULMON	id:	CVE-2022-34397	date:	2023-02-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-019573	date:	2023-10-26T06:17:00
db:	CNNVD	id:	CNNVD-202301-408	date:	2023-07-24T00:00:00
db:	NVD	id:	CVE-2022-34397	date:	2023-07-21T19:05:05.893

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426713	date:	2023-02-13T00:00:00
db:	VULMON	id:	CVE-2022-34397	date:	2023-02-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-019573	date:	2023-10-26T00:00:00
db:	CNNVD	id:	CNNVD-202301-408	date:	2023-01-05T00:00:00
db:	NVD	id:	CVE-2022-34397	date:	2023-02-13T10:15:13.470