CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1205
https://notcve.org/view.php?id=CVE-2018-1205
Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. Dell EMC ScaleIO, en versiones anteriores a la 2.5, no gestiona correctamente algunos datos de paquetes en el servicio MDM. Como resultado, un atacante remoto podría enviar datos de paquetes especialmente manipulados al servicio MDM, lo que provocaría su cierre inesperado. • http://seclists.org/fulldisclosure/2018/Mar/59 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1237
https://notcve.org/view.php?id=CVE-2018-1237
Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA. Dell EMC ScaleIO, en versiones anteriores a la 2.5, contiene una restricción incorrecta de intentos de autenticación excesivos en el agente de instalación Light installation Agent (LIA). Este componente se implementa en cada servidor del clúster ScalelO y se emplea para la gestión central de nodos ScalelO. • http://seclists.org/fulldisclosure/2018/Mar/59 • CWE-287: Improper Authentication •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1238
https://notcve.org/view.php?id=CVE-2018-1238
Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. Dell EMC ScaleIO, en versiones anteriores a la 2.5, contiene una vulnerabilidad de inyección de comandos en el agente de instalación Light installation Agent (LIA). Este componente se emplea para la gestión central de la implementación ScalelO y utiliza comandos shell para determinadas acciones. • http://seclists.org/fulldisclosure/2018/Mar/59 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2017-8001
https://notcve.org/view.php?id=CVE-2017-8001
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. Se ha descubierto un problema en EMC ScaleIO en las versiones 2.0.1.x. En un entorno Linux, uno de los scripts de soporte guarda las credenciales del usuario ScalelO MDM que ejecutó el script en texto claro en archivos de registro temporales. • http://seclists.org/fulldisclosure/2017/Nov/35 http://www.securityfocus.com/bid/101997 • CWE-532: Insertion of Sensitive Information into Log File •