Unisphere For Powermax Virtual Appliance
CVE-2025-36589
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.
AnalysisAI
Unisphere For Powermax versions up to 9.2.4.18 is affected by improper restriction of xml external entity reference (CVSS 7.6).
Technical ContextAI
This vulnerability (CWE-611: Improper Restriction of XML External Entity Reference) affects Unisphere For Powermax. Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an S
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. Rated high severity (CVSS 8.8),
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. Rated high severity (CVSS 8.8),
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. Rated high severity (CVSS
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. Rated high severity
Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. Rated high severity (CVSS
Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. Rated high severity (CVSS 7.5)
A remote code execution vulnerability (CVSS 7.2). High severity vulnerability requiring prompt remediation.
Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2),
Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2),
Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2),
Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2),
Share
External POC / Exploit Code
Leaving vuln.today