CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5328
https://notcve.org/view.php?id=CVE-2020-5328
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. Dell EMC Isilon OneFS versiones anteriores a 8.2.0, contienen una vulnerabilidad de acceso no autorizado debido a una falta de comprobaciones de autorización exhaustivas cuando SyncIQ es licenciada, pero las sincronizaciones cifradas no son marcadas como requeridas. Cuando esto se presenta, puede ocurrir una pérdida de control del clúster. • https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5318
https://notcve.org/view.php?id=CVE-2020-5318
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication. Dell EMC Isilon OneFS versiones 8.1.2, 8.1.0.4, 8.1.0.3 y 8.0.0.7, presenta una vulnerabilidad en algunas configuraciones. Un atacante puede explotar esta vulnerabilidad para conseguir acceso a archivos restringidos. • https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 2CVE-2018-1204 – Dell EMC Isilon OneFS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1204
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges. Dell EMC Isilon OneFS, en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la 8.0.0.6; versiones 7.2.1.x y versión 7.1.1.11, contiene un salto de directorio en la herramienta isi_phone_home. Un usuario compadmin malicioso podría explotar esta vulnerabilidad para ejecutar código arbitrario con privilegios root. Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/44039 http://seclists.org/fulldisclosure/2018/Mar/50 http://www.securityfocus.com/bid/103033 https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 2CVE-2018-1186 – Dell EMC Isilon OneFS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1186
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. Dell EMC Isilon en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la 8.0.0.6; versiones 7.2.1.x y versión 7.1.1.11 contiene una vulnerabilidad de Cross-Site Scripting (XSS) en la descripción del clúster de la interfaz de administración web OneFS. Un administrador malicioso podría inyectar código HTML o JavaScript arbitrario en la sesión del navegador del usuario, en el contexto del sitio web OneFS. Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/44039 http://seclists.org/fulldisclosure/2018/Mar/50 http://www.securityfocus.com/bid/103033 https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 2CVE-2018-1187 – Dell EMC Isilon OneFS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1187
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. Dell EMC Isilon en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la 8.0.0.6 contiene una vulnerabilidad de Cross-Site Scripting (XSS) en la página Network Configuration de la interfaz de administración web OneFS. Un administrador malicioso podría inyectar código HTML o JavaScript arbitrario en la sesión del navegador del usuario, en el contexto del sitio web OneFS. Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/44039 http://seclists.org/fulldisclosure/2018/Mar/50 http://www.securityfocus.com/bid/103033 https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •