CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22560
https://notcve.org/view.php?id=CVE-2022-22560
12 Apr 2022 — Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline. Dell EMC PowerScale OneFS 8.1.x - 9.1.x contienen credenciales embebidas. Esto permite a un usuario local con conocimiento de las credenciales iniciar sesión como usuario administrador en el conmutador ethernet backend de un c... • https://www.dell.com/support/kbdoc/000195815 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-21561
https://notcve.org/view.php?id=CVE-2021-21561
23 Nov 2021 — Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. Dell PowerScale OneFS versión 8.1.2, contiene una vulnerabilidad de exposición de información confidencial. Esto permitiría a un usuario malicioso con privilegios ISI_PRIV_LOGIN_SSH y/o ISI_PRIV_LOGIN_CONSOLE conseguir acceso a información confidencial en los ar... • https://www.dell.com/support/kbdoc/000191265 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21562
https://notcve.org/view.php?id=CVE-2021-21562
02 Aug 2021 — Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application’s direct control. Dell EMC PowerScale OneFS contiene una vulnerabilidad de ruta de búsqueda no confiable. Esta vulnerabilidad permite a un usuario con (ISI_PRIV_LOGIN_SSH o ISI_PRIV_LOGIN_CONSOLE) e (ISI_PR... • https://www.dell.com/support/kbdoc/000188148 • CWE-426: Untrusted Search Path •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-21550
https://notcve.org/view.php?id=CVE-2021-21550
06 May 2021 — Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. Dell EMC PowerScale OneFS versión 8.1.0-9.1.0, contienen una neutralización inapropiada de elementos especiales utilizados en una vulnerabilidad de comando del Sistema Operativo. Esta vulnerabilidad puede permitir a un usuario autenticado co... • https://www.dell.com/support/kbdoc/000185978 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-26197
https://notcve.org/view.php?id=CVE-2020-26197
20 Apr 2021 — Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider. Dell PowerScale OneFS versiones 8.1.0 - 9.1.0, contiene una vulnerabilidad de Proveedor LDAP inhabilitado para conectarse por medio de TLSv1.2. Puede facilitar la escucha a escondidas y descifrar dicho tr... • https://www.dell.com/support/kbdoc/000185202 • CWE-319: Cleartext Transmission of Sensitive Information CWE-326: Inadequate Encryption Strength •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21506
https://notcve.org/view.php?id=CVE-2021-21506
08 Mar 2021 — PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privileges escalation. PowerScale OneFS versiones 8.1.2, 8.2.2 y 9.1.0, contiene un problema de saneamiento de entrada inapropiado en su controlador de API. Un usuario sin autorización con privilegios ISI_PRIV_SYS_SUPPORT e ISI_PRIV_LOGIN_PAPI podría ex... • https://www.dell.com/support/kbdoc/000183717 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21503
https://notcve.org/view.php?id=CVE-2021-21503
08 Mar 2021 — PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation. PowerScale OneFS versiones 8.1.2, 8.2.2 y 9.1.0, contiene un problema de saneamiento de entrada inapropiado en un comando. El usuario de Compadmin podría aprovechar esta vulnerabilidad, conllevando a una posible escalada de privilegios • https://www.dell.com/support/kbdoc/000183717 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-21502
https://notcve.org/view.php?id=CVE-2021-21502
09 Feb 2021 — Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity. Dell PowerScale OneFS versiones 8.1.0 - 9.1.0, contienen una vulnerabilidad de "... • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-26196
https://notcve.org/view.php?id=CVE-2020-26196
09 Feb 2021 — Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location. Dell EMC PowerScale OneFS versiones 8.1.0-9.1.0, contienen un problema de implementación del Privilegio Backup/Restore. Un usuario con el rol BackupAdmin puede explotar esta vulnerabilidad, resultando en la habilidad de escribir datos fuera d... • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 1%CPEs: 6EXPL: 0CVE-2020-26195
https://notcve.org/view.php?id=CVE-2020-26195
09 Feb 2021 — Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system. Dell EMC PowerScale OneFS versiones 8.1.2 - 9.1.0, contienen un problema en el que la creación automática del directorio SMB de OneFS puede crear erróneamente un directorio para un usuario. Un atacante remoto no autenticado puede tomar ventaja de este problema... • https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •