CVE-2022-34397 MEDIUM

CVE-2022-34397

Vendor Dell

Product Unisphere for PowerMax

Weakness CWE-863 · Incorrect authorization

Published February 13, 2023

Last update March 21, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

What the vulnerability does

01Description

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.

Key dates

02Disclosure timeline

February 13, 2023 CVE published

March 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-34397 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2024-7915 macOS Sensei Mac Cleaner Local Privilege Escalation via PID Reuse - Race Condition Attack CVE-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS CVE-2026-32059 OpenClaw 2026.2.22-2 < 2026.2.23 - Allowlist Bypass via sort Long-Option Abbreviation in tools.exec.safeBins CVE-2023-4107 Incorrect authorization allows a user manager to update a system admin CVE-2022-0333