Vendor
Dell Security Advisory Addressing Multiple Product Vulnerabilities
2 rules
Dell released security advisories in May 2026 to address vulnerabilities in PowerEdge Server Chipset Driver, Data Lakehouse, Dell Enterprise SONiC Distribution, and Dell Unity/UnityVSA/Unity XT.
CVE-2022-31231 - Dell ECS Improper Access Control in IAM Module
2 rules, 1 TTP
Dell ECS versions 3.5 and 3.6 contain an improper access control vulnerability (CVE-2022-31231) in the Identity and Access Management (IAM) module, potentially allowing a remote unauthenticated attacker to gain unauthorized read access to data.
Dell PowerFlex Manager Directory Listing Vulnerability (CVE-2025-32749)
2 rules, 1 TTP, 1 CVE
Dell PowerFlex Manager versions 4.6.2 and earlier contain a directory listing vulnerability (CVE-2025-32749) that allows an unauthenticated remote attacker to expose sensitive information.
CVE-2025-32747: Dell PowerFlex Manager Incorrect Privilege Assignment Vulnerability
1 rule, 1 TTP
Dell PowerFlex Manager versions 4.6.2 and earlier contain an Incorrect Privilege Assignment vulnerability (CVE-2025-32747) that allows a low-privileged attacker with local access to elevate privileges.
CVE-2025-26483: Dell PowerFlex Manager Open Redirect Vulnerability
2 rules, 1 TTP
Dell PowerFlex Manager versions 4.6.2 and prior contain an open redirect vulnerability (CVE-2025-26483) that allows an unauthenticated attacker to redirect a targeted user to an arbitrary web URL, potentially enabling phishing attacks.
Dell Security Advisory Addresses Vulnerabilities in Multiple Products
2 rules
Dell published security advisories between May 11 and 17, 2026, addressing vulnerabilities in Dell Enterprise SONiC Distribution, Dell Live Optics Collector, Intel 800 Series Ethernet Adapters, Dell PowerEdge with AMD Graphics, and PowerScale InsightIQ, prompting users to apply necessary updates.
Process Created with an Elevated Token via Token Theft
2 rules, 1 TTP
This rule detects the creation of a process running as SYSTEM while impersonating the token context of a Windows core binary, which adversaries may leverage to escalate privileges and bypass access controls through token theft.
Dell Security Advisories Address Multiple Vulnerabilities
2 rules
Dell published security advisories addressing vulnerabilities in APEX Cloud Platform, Automation Platform, Command | Monitor, CyberSense, NativeEdge Orchestrator, SmartFabric Manager, iDRAC, Disk Library, and PowerProtect Cyber Recovery, requiring users to apply necessary updates.
Dell Computer Vulnerability Allows Local Code Execution
2 rules, 1 TTP
A local attacker can exploit a vulnerability in Dell computers to execute arbitrary code.
Dell Security Advisories Address Vulnerabilities in Multiple Products
2 rules
Dell published security advisories addressing vulnerabilities in Dell Networking OS10, Dell Storage Monitoring and Reporting, Dell Storage Resource Manager, and Dell VxRail Appliance, urging users to apply necessary updates.
Account Discovery Command via SYSTEM Account
3 rules, 3 TTPs
The rule identifies when the SYSTEM account runs an account discovery utility such as whoami.exe or net1.exe, potentially indicating discovery activity after privilege escalation.
Network Logon Provider Registry Modification
2 rules, 2 TTPs
Adversaries may modify the network logon provider registry to register a rogue network logon provider module for persistence and credential access by intercepting authentication credentials in clear text during user logon.
LSASS Loading Suspicious DLL
2 rules, 2 TTPs, 9 IOCs
Detection of LSASS loading an unsigned or untrusted DLL, which can indicate credential access attempts by malicious actors targeting sensitive information stored in the LSASS process.