PatchSiren cyber security CVE debrief
CVE-2022-34363 Dell CVE debrief
Dell Unisphere for PowerMax Virtual Appliance versions prior to 10.0.0.2 contain an authorization bypass vulnerability in the Unisphere for VMAX application running within the vApp. The flaw, classified as CWE-285 (Improper Authorization), allows an authenticated attacker with low privileges to bypass authorization controls. The vulnerability has a network attack vector with low attack complexity, requiring no user interaction. Successful exploitation results in high integrity impact, though confidentiality and availability are not affected per the CVSS:3.1 vector. The CVE was published on May 22, 2026 and last modified on May 29, 2026. Dell's security advisory requires permissions to access.
- Vendor
- Dell
- Product
- Unisphere for PowerMax
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-22
- Original CVE updated
- 2026-05-29
- Advisory published
- 2026-05-22
- Advisory updated
- 2026-05-29
Who should care
Organizations running Dell Unisphere for PowerMax Virtual Appliance versions below 10.0.0.2 for storage management and monitoring
Technical summary
The vulnerability exists in the authorization implementation of the Unisphere for VMAX application when deployed as a virtual appliance. An attacker with legitimate credentials can circumvent intended access controls, potentially allowing unauthorized administrative actions or configuration modifications. The flaw is confined to the application layer within the vApp deployment model and does not affect underlying storage array firmware or operating system components directly.
Defensive priority
medium
Recommended defensive actions
- Upgrade Dell Unisphere for PowerMax Virtual Appliance to version 10.0.0.2 or later
- Restrict network access to Unisphere for PowerMax vApp management interfaces to authorized administrative hosts
- Monitor for unauthorized configuration changes in Unisphere for VMAX application settings
- Review and validate role-based access controls for all accounts with access to the vApp
- Apply principle of least privilege for all accounts accessing the Unisphere management plane
Evidence notes
Authorization bypass in Unisphere for VMAX application within vApp environment. Affected versions are all releases prior to 10.0.0.2. CVSS 3.1 score of 6.5 (MEDIUM) with integrity impact rated HIGH.
Official resources
-
CVE-2022-34363 CVE record
CVE.org
-
CVE-2022-34363 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Permissions Required
Dell published security advisory; NVD analyzed