CVE-2021-21528 — Exposure of Information Through Directory Listing in Dell Powerscale Onefs

CWE-548 — Exposure of Information Through Directory Listing3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 49.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Powerscale Onefs Dell EMC Powerscale Onefs

Timeline

PublishedNov 12

Latest updateMay 24

Description

Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5dell/powerscale_onefs9.1.0, 9.2.0.x, 9.2.1.x

▶NVDdell/emc_powerscale_onefs9.1.0.0, 9.2.0.0, 9.2.1.0+2

🔴Vulnerability Details

GHSA

GHSA-2x5m-6jx4-jr66: Dell EMC PowerScale OneFS versions 9↗2022-05-24

▶

CVEList

CVE-2021-21528: Dell EMC PowerScale OneFS versions 9↗2021-11-12

▶