CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36280
https://notcve.org/view.php?id=CVE-2021-36280
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.x, contienen una vulnerabilidad de asignación de permisos incorrecta para recursos críticos. Esto podría permitir a un usuario privilegiado ISI_PRIV_LOGIN_SSH o ISI_PRIV_LOGIN_CONSOLE acceder a información pri... • https://www.dell.com/support/kbdoc/000190408 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36279
https://notcve.org/view.php?id=CVE-2021-36279
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.x, contienen una asignación de permisos incorrecta para la vulnerabilidad de los recursos críticos. Esto podría permitir a un usuario privilegiado ISI_PRIV_LOGIN_SSH o ISI_PRIV_LOGIN_CONSOLE acceder a informac... • https://www.dell.com/support/kbdoc/000190408 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-36278
https://notcve.org/view.php?id=CVE-2021-36278
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well. Las versiones 8.2.x, 9.1.0.x y 9.1.1.1 de Dell EMC PowerScale OneFS contienen una vulnerabilidad de... • https://www.dell.com/support/kbdoc/000190408 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21599
https://notcve.org/view.php?id=CVE-2021-21599
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.1.x, contienen una vulnerabilidad de inyección de comandos del Sistema Operativo... • https://www.dell.com/support/kbdoc/000190408 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21595
https://notcve.org/view.php?id=CVE-2021-21595
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. Dell EMC PowerScale OneFS versiones 8.2.x - 9.1.1.x, contienen una neutralización inapropiada de los elementos especiales usados en un comando del Sistema Op... • https://www.dell.com/support/kbdoc/000190408 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21592
https://notcve.org/view.php?id=CVE-2021-21592
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.x, manejan inapropiadamente una condición excepcional. Un usuario remoto poco privilegiado podría explotar potencialmente esta vulnerabilidad, conllevando a una divulgación de información no autorizada. • https://www.dell.com/support/kbdoc/000190408 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21568
https://notcve.org/view.php?id=CVE-2021-21568
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.x, contienen una vulnerabilidad de registro insuficiente. Un usuario autenticado con ISI_PRIV_LOGIN_PAPI podría realizar cambios de configuración no auditados y no rastreables en las configuraciones que s... • https://www.dell.com/support/kbdoc/000190408 •