Lucene search

DellCVE-2022-31238

HistoryAug 22, 2022 - 5:15 p.m.

CVE-2022-31238

2022-08-2217:15:08

CWE-200

dell

web.nvd.nist.gov

cve-2022-31238

dell powerscale

onefs

vulnerability

information disclosure

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

12.6%

JSON

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.

Affected configurations

Nvd

Vulners

Node

dellemc_powerscale_onefsRange9.1.0.0–9.1.0.19

dellemc_powerscale_onefsRange9.2.1.0–9.2.1.12

dellemc_powerscale_onefsRange9.3.0.0–9.3.0.6

dellemc_powerscale_onefsRange9.4.0.0–9.4.0.2

VendorProductVersionCPE
dellemc_powerscale_onefs*cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_powerscale_onefs	*	cpe:2.3:o:dell:emc_powerscale_onefs::::::::

CNA Affected

[
  {
    "product": "PowerScale OneFS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "8.2.x, 9.0.0.x, 9.1.0.x, 9.1.1.x, 9.2.0.x, 9.2.1.x, 9.3.0.x",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-gh/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update

Social References

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2022-31238