Dell Storage Manager
cpe:2.3:a:dell:storage_manager:*:*:*:*:*:*:*
- 20.1.21
An improper authentication vulnerability has been identified in Dell Storage Manager, specifically in the Dell Storage Center product version 20.1.21. It allows an unauthenticated remote attacker to bypass authentication and access the APIs exposed by ApiProxy.war in the Data Collector component. Exploitation relies on a special SessionKey and UserId, where the UserId is associated with specific users created for particular purposes.
Exploitation of this vulnerability leads to an authentication bypass, allowing unauthorized access to sensitive APIs.
Users are advised to update to Dell Storage Manager version 2020 R1.21 or later. Instructions for downloading the update are available on the Dell Support website.