CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36280
https://notcve.org/view.php?id=CVE-2021-36280
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.x, contienen una vulnerabilidad de asignación de permisos incorrecta para recursos críticos. Esto podría permitir a un usuario privilegiado ISI_PRIV_LOGIN_SSH o ISI_PRIV_LOGIN_CONSOLE acceder a información privilegiada sobre el clúster. • https://www.dell.com/support/kbdoc/000190408 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36279
https://notcve.org/view.php?id=CVE-2021-36279
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.x, contienen una asignación de permisos incorrecta para la vulnerabilidad de los recursos críticos. Esto podría permitir a un usuario privilegiado ISI_PRIV_LOGIN_SSH o ISI_PRIV_LOGIN_CONSOLE acceder a información privilegiada sobre el cluster. • https://www.dell.com/support/kbdoc/000190408 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21599
https://notcve.org/view.php?id=CVE-2021-21599
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.1.x, contienen una vulnerabilidad de inyección de comandos del Sistema Operativo. Esto puede permitir a un usuario con los privilegios ISI_PRIV_LOGIN_SSH o ISI_PRIV_LOGIN_CONSOLE escalar privilegios y escapar de las garantías de cumplimiento. • https://www.dell.com/support/kbdoc/000190408 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21595
https://notcve.org/view.php?id=CVE-2021-21595
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. Dell EMC PowerScale OneFS versiones 8.2.x - 9.1.1.x, contienen una neutralización inapropiada de los elementos especiales usados en un comando del Sistema Operativo. Esta vulnerabilidad podría permitir al usuario compadmin elevar sus privilegios. • https://www.dell.com/support/kbdoc/000190408 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21594
https://notcve.org/view.php?id=CVE-2021-21594
Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity. Dell PowerScale OneFS versiones 8.2.2 - 9.1.0.x, contienen una vulnerabilidad en el uso del método de petición get con cadenas de consulta confidenciales. Puede conllevar a una potencial divulgación de datos confidenciales. • https://www.dell.com/support/kbdoc/000190408 • CWE-598: Use of GET Request Method With Sensitive Query Strings •