Lucene search

DellCVELIST:CVE-2022-22563

HistoryApr 08, 2022 - 7:50 p.m.

CVE-2022-22563

2022-04-0819:50:27

CWE-223

dell

www.cve.org

dell emc powerscale

onefs

vulnerability

account information changes

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

12.6%

JSON

Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.

CNA Affected

[
  {
    "product": "PowerScale OneFS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "9.3.0.x",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000196657

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2022-22563