HIGH✓ PATCH🇬🇧 English

CVE-2025-36589

CVSS 7.6v3.1pub. 2026-01-06upd. 2026-01-22

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
  • Dell Unisphere For Powermax

    APP
    Dell
    9.2.4.18
  • Dell Unisphere For Powermax Virtual Appliance

    APP
    Dell
    9.2.4.17 – 9.2.4.19 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XXE
CWE
Referencje

Powiązane podatności

CVE-2026-26362HIGH8.1ten sam produkt

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privil...

CVE-2026-26360HIGH8.1ten sam produkt

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerabilit...

CVE-2026-26359HIGH8.8ten sam produkt

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerabilit...

CVE-2026-26358HIGH8.8ten sam produkt

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileg...

CVE-2025-36588HIGH8.8ten sam produkt

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements us...