CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26194
https://notcve.org/view.php?id=CVE-2020-26194
09 Feb 2021 — Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default. Dell EMC PowerScale OneFS versiones 8.1.2 y 8.2.2, contienen una asignación de Permisos Incorrecto para una vulnerabilidad de Recurs... • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-26193
https://notcve.org/view.php?id=CVE-2020-26193
09 Feb 2021 — Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Dell EMC PowerScale OneFS versiones 8.1.0 - 9.1.0, contienen una vulnerabilidad de comprobación inapropiada de la entrada. Un usuario con el privilegio ISI_PRIV_CLUSTER puede explotar esta vulne... • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-26191
https://notcve.org/view.php?id=CVE-2020-26191
09 Feb 2021 — Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users. Dell EMC PowerScale OneFS versiones 8.1.0 - 9.1.0, contienen una vulnerabilidad de escalada de privilegios. Un usuario con ISI_PRIV_JOB_ENGINE puede usar el trabajo PermissionRepair para otorgarse... • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-269: Improper Privilege Management •