CNNVD-202601-1010 Information

CNNVD ID

CNNVD-202601-1010

Related CVE

CVE-2025-36589

• CNNVD Published: 2026-01-06

Description (Chinese)

Dell Unisphere for PowerMax是美国戴尔（Dell）公司的一个图形化管理平台。 Dell Unisphere for PowerMax 9.2.4.x版本存在代码问题漏洞，该漏洞源于对XML外部实体引用限制不当，可能导致未经授权访问数据。

Description (English)

Dell United for PowerMax is a graphical management platform for Dell Corporation in the United States. Dell Unithere for PowerMax 9.2.4.x has a code gap, which stems from inappropriate citation restrictions on external XML entities, which may lead to unauthorized access to data.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

戴尔

Published

2026-01-06

Last Modified

2026-02-24

References

https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities https://vigilance.fr/vulnerability/Dell-Unisphere-for-PowerMax-external-XML-entity-injection-dated-22-12-2025-49188

Patch

https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities