CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-26193
https://notcve.org/view.php?id=CVE-2020-26193
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Dell EMC PowerScale OneFS versiones 8.1.0 - 9.1.0, contienen una vulnerabilidad de comprobación inapropiada de la entrada. Un usuario con el privilegio ISI_PRIV_CLUSTER puede explotar esta vulnerabilidad, conllevando a una ejecución de comandos arbitrarios del Sistema Operativo en el Sistema Operativo subyacente de la aplicación, con los privilegios de la aplicación vulnerable • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-26192
https://notcve.org/view.php?id=CVE-2020-26192
Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default. Dell EMC PowerScale OneFS versiones 8.2.0 - 9.1.0, contienen una vulnerabilidad de escalada de privilegios. Un usuario que no sea administrador con ISI_PRIV_LOGIN_CONSOLE o ISI_PRIV_LOGIN_SSH puede explotar esta vulnerabilidad para leer datos arbitrarios, alterar el software del sistema o denegar el servicio a los usuarios. • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-26191
https://notcve.org/view.php?id=CVE-2020-26191
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users. Dell EMC PowerScale OneFS versiones 8.1.0 - 9.1.0, contienen una vulnerabilidad de escalada de privilegios. Un usuario con ISI_PRIV_JOB_ENGINE puede usar el trabajo PermissionRepair para otorgarse el nivel más alto de privilegios RBAC y así poder leer datos arbitrarios, alterar el software del sistema o denegar el servicio a los usuarios • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-29495
https://notcve.org/view.php?id=CVE-2020-29495
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity. DELL EMC Avamar Server, versiones 19.1, 19.2, 19.3, contienen una vulnerabilidad de inyección de comandos del sistema operativo en Fitness Analyzer. • https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 5EXPL: 0CVE-2020-29494
https://notcve.org/view.php?id=CVE-2020-29494
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files. Dell EMC Avamar Server, versiones 19.1, 19.2, 19.3, contiene una vulnerabilidad de salto de ruta en PDM. Un usuario remoto podría aprovechar esta vulnerabilidad para conseguir acceso de escritura no autorizado a los archivos arbitrarios almacenados en el sistema de archivos del servidor, causando la eliminación de archivos arbitrarios • https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •