Lucene search

DellCVELIST:CVE-2022-31229

HistoryJun 28, 2022 - 6:40 p.m.

CVE-2022-31229

2022-06-2818:40:11

CWE-209

dell

www.cve.org

dell powerscale onefs

8.2.x-9.3.0.x

sensitive information

disclosure

administrator

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.

CNA Affected

[
  {
    "product": "PowerScale OneFS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "8.2.x, 9.0.0.x, 9.1.0.x, 9.1.1.x, 9.2.0.x, 9.2.1.x, 9.3.0.x",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000200681/dsa-2022-118-dell-emc-powerscale-onefs-security-update?lang=en

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

Related for CVELIST:CVE-2022-31229