CVE-2021-21562: Untrusted Search Path in Dell PowerScale OneFS

Severity: 4.4 MEDIUM (NVD)
EPSS: 0.1% (top 82.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 3; latest update May 24

Description

Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path, which can lead to running resources that are not under the application’s direct control.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Exploitability: 0.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: dell/powerscale_onefs: 8.1.2, 8.1.3, 9.1.0.x, 9.0.0.x
NVD: dell/emc_powerscale_onefs: 4 versions +3

Vulnerability Details (2)

GHSA: GHSA-cj3x-qg3h-5v73: Dell EMC PowerScale OneFS contains an untrusted search path vulnerability (2022-05-24)
CVEList: CVE-2021-21562: Dell EMC PowerScale OneFS contains an untrusted search path vulnerability (2021-08-02)