{"api_version":"1","generated_at":"2026-05-13T07:40:30+00:00","cve":"CVE-2022-22557","urls":{"html":"https://cve.report/CVE-2022-22557","api":"https://cve.report/api/cve/CVE-2022-22557.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-22557","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-22557"},"summary":{"title":"CVE-2022-22557","description":"PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.","state":"PUBLIC","assigner":"secure@dell.com","published_at":"2022-06-02 21:15:00","updated_at":"2023-07-24 13:31:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"https://www.dell.com/support/kbdoc/000196367","name":"N/A","refsource":"CONFIRM","tags":[],"title":"DSA-2022-014: Dell EMC PowerStore Family Security Update for Multiple Vulnerabilities | Dell US","mime":"text/html","httpstatus":"403","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-22557","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22557","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"22557","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dell","cpe5":"powerstoreos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22557","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_t","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22557","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_x","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2022-04-19","ID":"CVE-2022-22557","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"PowerStore","version":{"version_data":[{"version_affected":"<","version_value":"PowerStore SW v2.1.0.0-1553419"}]}}]},"vendor_name":"Dell"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account."}]},"impact":{"cvss":{"baseScore":7.5,"baseSeverity":"High","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-256: Unprotected Storage of Credentials"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://www.dell.com/support/kbdoc/000196367","name":"https://www.dell.com/support/kbdoc/000196367"}]}},"nvd":{"publishedDate":"2022-06-02 21:15:00","lastModifiedDate":"2023-07-24 13:31:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0.0","versionEndExcluding":"2.1.0.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0.0","versionEndExcluding":"2.1.1.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"22557","Ordinal":"224915","Title":"CVE-2022-22557","CVE":"CVE-2022-22557","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"22557","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}