CVE-2021-21561: Log File Information Exposure in Dell PowerScale OneFS

Severity
NVD: 5.5 MEDIUM
CNA: 7.8
EPSS: 0.0% (top 85.42%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Nov 23
Latest update: Nov 24

Description

Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | dell/powerscale_onefs | unspecified | 8.1.0, 8.1.1, 8.1.2, 8.2.x, 9.1.0.x
NVD | dell/emc_powerscale_onefs | 5 versions

Patches

Vulnerability Details (2)

GHSA | GHSA-mwcq-pwhv-2qmj: Dell PowerScale OneFS version 8 | 2021-11-24
CVEList | CVE-2021-21561: Dell PowerScale OneFS version 8 | 2021-11-23