Description
Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality: Low
- Integrity: Low
- Availability: None
Affected products
- Dell / PowerFlex Manager: 0 – 4.6.2
- Dell / PowerFlex Manager (Appliance): 0 – IC 48.378.00
- Dell / PowerFlex Manager (Appliance): 0 – IC 48.383.00
- Dell / PowerFlex Manager (Rack): 0 – 3.7.8.0
- Dell / PowerFlex Manager (Rack): 0 – 3.8.3.0
References
- MISC: https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities
- MISC: https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities