CVE-2023-22572
https://notcve.org/view.php?id=CVE-2023-22572
Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover. • https://www.dell.com/support/kbdoc/en-us/000207863/dell-powerscale-onefs-security-updates-for-multiple-security • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-46679
https://notcve.org/view.php?id=CVE-2022-46679
Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. • https://www.dell.com/support/kbdoc/en-us/000206927/dsa-2022-323-dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-410: Insufficient Resource Pool •
CVE-2022-45100
https://notcve.org/view.php?id=CVE-2022-45100
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system. • https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-295: Improper Certificate Validation •
CVE-2022-45099
https://notcve.org/view.php?id=CVE-2022-45099
Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise • https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-261: Weak Encoding for Password CWE-276: Incorrect Default Permissions •
CVE-2022-45098
https://notcve.org/view.php?id=CVE-2022-45098
Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •