Home
HIGH: 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:NDefault status
unaffected
Any version before 5.1.0.1 or later
affected
Any version before 4.5.5.2 or later
affected
Description
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access.
Problem types
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
Any version before 5.1.0.1 or later
Any version before 4.5.5.2 or later
References
www.dell.com/...-powerflex-software-multiple-vulnerabilities