CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21595
https://notcve.org/view.php?id=CVE-2021-21595
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. Dell EMC PowerScale OneFS versiones 8.2.x - 9.1.1.x, contienen una neutralización inapropiada de los elementos especiales usados en un comando del Sistema Operativo. Esta vulnerabilidad podría permitir al usuario compadmin elevar sus privilegios. • https://www.dell.com/support/kbdoc/000190408 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21594
https://notcve.org/view.php?id=CVE-2021-21594
Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity. Dell PowerScale OneFS versiones 8.2.2 - 9.1.0.x, contienen una vulnerabilidad en el uso del método de petición get con cadenas de consulta confidenciales. Puede conllevar a una potencial divulgación de datos confidenciales. • https://www.dell.com/support/kbdoc/000190408 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21592
https://notcve.org/view.php?id=CVE-2021-21592
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.x, manejan inapropiadamente una condición excepcional. Un usuario remoto poco privilegiado podría explotar potencialmente esta vulnerabilidad, conllevando a una divulgación de información no autorizada. • https://www.dell.com/support/kbdoc/000190408 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21568
https://notcve.org/view.php?id=CVE-2021-21568
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.x, contienen una vulnerabilidad de registro insuficiente. Un usuario autenticado con ISI_PRIV_LOGIN_PAPI podría realizar cambios de configuración no auditados y no rastreables en las configuraciones que sus roles presentan privilegios para cambiar. • https://www.dell.com/support/kbdoc/000190408 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21601
https://notcve.org/view.php?id=CVE-2021-21601
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. Dell EMC Data Protection Search, versiones 19.4 y anteriores, e IDPA, 2.6.1 y anteriores, contienen una vulnerabilidad de Exposición de Información en Archivos de Registro en CIS. Un atacante local poco privilegiado podría explotar potencialmente esta vulnerabilidad, conllevando a la divulgación de determinadas credenciales de usuario. • https://www.dell.com/support/kbdoc/000189555 • CWE-532: Insertion of Sensitive Information into Log File •