CVE-2022-34446 HIGH

CVE-2022-34446

Vendor Dell

Product PowerPath Management Appliance

Weakness CWE-285

Published February 10, 2023

Last update March 26, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.

Key dates

02Disclosure timeline

February 10, 2023 CVE published

March 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-34446 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

04Related CVE

CVE-2023-0813 Network-observability-console-plugin-container: setting loki authtoken configuration to disable or host mode leads to authentication longer being enforced CVE-2022-39341 OpenFGA Authorization Bypass CVE-2022-40521 Improper authorization in Modem CVE-2026-40963 Apache Airflow: DAG authorization bypass on /ui/structure/structure_data CVE-2025-10422 newbee-mall Order Status paySuccess improper authorization