Lucene search

DellCVELIST:CVE-2023-22575

HistoryFeb 01, 2023 - 1:16 p.m.

CVE-2023-22575

2023-02-0113:16:56

CWE-532

dell

www.cve.org

dell powerscale onefs

sensitive information

log file vulnerability

low privileges user

8.7 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.2%

JSON

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerScale OneFS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "9.1.0.0 through 9.1.0.26",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.2.1.0 through 9.2.1.19",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.4.0.0 through 9.4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000207863/dell-powerscale-onefs-security-updates-for-multiple-security

8.7 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.2%

JSON

Related for CVELIST:CVE-2023-22575