CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22560
https://notcve.org/view.php?id=CVE-2022-22560
12 Apr 2022 — Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline. Dell EMC PowerScale OneFS 8.1.x - 9.1.x contienen credenciales embebidas. Esto permite a un usuario local con conocimiento de las credenciales iniciar sesión como usuario administrador en el conmutador ethernet backend de un c... • https://www.dell.com/support/kbdoc/000195815 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-26197
https://notcve.org/view.php?id=CVE-2020-26197
20 Apr 2021 — Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider. Dell PowerScale OneFS versiones 8.1.0 - 9.1.0, contiene una vulnerabilidad de Proveedor LDAP inhabilitado para conectarse por medio de TLSv1.2. Puede facilitar la escucha a escondidas y descifrar dicho tr... • https://www.dell.com/support/kbdoc/000185202 • CWE-319: Cleartext Transmission of Sensitive Information CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-21502
https://notcve.org/view.php?id=CVE-2021-21502
09 Feb 2021 — Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity. Dell PowerScale OneFS versiones 8.1.0 - 9.1.0, contienen una vulnerabilidad de "... • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-26196
https://notcve.org/view.php?id=CVE-2020-26196
09 Feb 2021 — Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location. Dell EMC PowerScale OneFS versiones 8.1.0-9.1.0, contienen un problema de implementación del Privilegio Backup/Restore. Un usuario con el rol BackupAdmin puede explotar esta vulnerabilidad, resultando en la habilidad de escribir datos fuera d... • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-26193
https://notcve.org/view.php?id=CVE-2020-26193
09 Feb 2021 — Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Dell EMC PowerScale OneFS versiones 8.1.0 - 9.1.0, contienen una vulnerabilidad de comprobación inapropiada de la entrada. Un usuario con el privilegio ISI_PRIV_CLUSTER puede explotar esta vulne... • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-26191
https://notcve.org/view.php?id=CVE-2020-26191
09 Feb 2021 — Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users. Dell EMC PowerScale OneFS versiones 8.1.0 - 9.1.0, contienen una vulnerabilidad de escalada de privilegios. Un usuario con ISI_PRIV_JOB_ENGINE puede usar el trabajo PermissionRepair para otorgarse... • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-269: Improper Privilege Management •