CVE-2022-34438
https://notcve.org/view.php?id=CVE-2022-34438
Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. • https://www.dell.com/support/kbdoc/en-us/000204053/dsa-2022-245-dell-emc-powerscale-onefs-security-update-for-multiple-security-updates • CWE-269: Improper Privilege Management
CVE-2022-34437
https://notcve.org/view.php?id=CVE-2022-34437
Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters. • https://www.dell.com/support/kbdoc/en-us/000204053/dsa-2022-245-dell-emc-powerscale-onefs-security-update-for-multiple-security-updates • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-31239
https://notcve.org/view.php?id=CVE-2022-31239
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain a sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data. • https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en • CWE-532: Insertion of Sensitive Information into Log File
CVE-2022-34378
https://notcve.org/view.php?id=CVE-2022-34378
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to denial of service. • https://www.dell.com/support/kbdoc/en-us/000202171/dsa-2022-172-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal
CVE-2022-34371
https://notcve.org/view.php?id=CVE-2022-34371
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. • https://www.dell.com/support/kbdoc/en-us/000202171/dsa-2022-172-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-522: Insufficiently Protected Credentials