GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/88470?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88470?format=api",
    "vulnerability_id": "VCID-ranp-7n4w-hke9",
    "summary": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.",
    "aliases": [
        {
            "alias": "CVE-2025-43995"
        }
    ],
    "fixed_packages": [],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43995",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.00156",
                    "scoring_system": "epss",
                    "scoring_elements": "0.36117",
                    "published_at": "2026-06-11T12:55:00Z"
                },
                {
                    "value": "0.00156",
                    "scoring_system": "epss",
                    "scoring_elements": "0.36296",
                    "published_at": "2026-06-12T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43995"
        },
        {
            "reference_url": "https://www.dell.com/support/kbdoc/en-us/000382899/dsa-2025-393-security-update-for-storage-center-dell-storage-manager-vulnerabilities",
            "reference_id": "dsa-2025-393-security-update-for-storage-center-dell-storage-manager-vulnerabilities",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-25T03:56:08Z/"
                }
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000382899/dsa-2025-393-security-update-for-storage-center-dell-storage-manager-vulnerabilities"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 287,
            "name": "Improper Authentication",
            "description": "When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct."
        }
    ],
    "exploits": [],
    "severity_range_score": "9.8 - 9.8",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ranp-7n4w-hke9"
}