Page 2 of 10 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. Dell EMC Isilon OneFS versiones 8.2.2 y anteriores, contienen una vulnerabilidad de SNMPv2. Los servicios SNMPv2 están habilitados, por defecto, con una cadena de comunidad preconfigurada. • https://www.dell.com/support/security/en-us/details/543775/DSA-2020-124-Dell-EMC-Isilon-OneFS-Security-Update-for-Multiple-Vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses. Dell EMC Isilon OneFS versiones 8.2.2 y anteriores, contienen una vulnerabilidad de denegación de servicio. SmartConnect presentaba una condición de error que puede ser activada para un bucle, usando la CPU y potencialmente impidiendo otras respuestas DNS de SmartConnect. • https://www.dell.com/support/security/en-us/details/542190/DSA-2020-054-Dell-EMC-Isilon-OneFS-Security-Update-for-DNS-Protocol-Vulnerabilities • CWE-400: Uncontrolled Resource Consumption •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. Dell EMC Isilon OneFS versiones anteriores a 8.2.0, contienen una vulnerabilidad de acceso no autorizado debido a una falta de comprobaciones de autorización exhaustivas cuando SyncIQ es licenciada, pero las sincronizaciones cifradas no son marcadas como requeridas. Cuando esto se presenta, puede ocurrir una pérdida de control del clúster. • https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 2

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges. Dell EMC Isilon OneFS, en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la 8.0.0.6; versiones 7.2.1.x y versión 7.1.1.11, contiene un salto de directorio en la herramienta isi_phone_home. Un usuario compadmin malicioso podría explotar esta vulnerabilidad para ejecutar código arbitrario con privilegios root. Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/44039 http://seclists.org/fulldisclosure/2018/Mar/50 http://www.securityfocus.com/bid/103033 https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application. Dell EMC Isilon OneFS, en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la 8.0.0.6; versiones 7.2.1.x; versión 7.1.1.11 y 8.1.0.2, contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF). Un usuario malicioso podría explotar esta vulnerabilidad para enviar peticiones no autorizadas al servidor en nombre de usuarios autenticados de la aplicación. Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/44039 http://seclists.org/fulldisclosure/2018/Mar/50 http://www.securityfocus.com/bid/103033 https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •