CVE-2022-22549Improper Certificate Validation in Dell EMC Powerscale Onefs

CWE-295Improper Certificate Validation3 documents3 sources
Severity
8.1HIGHNVD
CNA7.5
EPSS
0.4%
top 40.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell EMC Powerscale OnefsDell Powerscale Onefs
Timeline
PublishedApr 12
Latest updateApr 13

Description

Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

NVDdell/emc_powerscale_onefs8.2.09.3.0
CVEListV5dell/powerscale_onefs8.2.x-9.3.x

🔴Vulnerability Details

2
GHSA
GHSA-jm2q-j9x3-74x7: Dell PowerScale OneFS, 82022-04-13
CVEList
CVE-2022-22549: Dell PowerScale OneFS, 82022-04-12
CVE-2022-22549 — Improper Certificate Validation | cvebase