CVE-2022-22559 — Use of a Broken or Risky Cryptographic Algorithm in Dell Powerscale Onefs

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 64.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Powerscale Onefs Dell EMC Powerscale Onefs

Timeline

PublishedApr 12

Latest updateApr 13

Description

Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5dell/powerscale_onefs9.3.0.x

▶NVDdell/emc_powerscale_onefs9.3.0

Patches

Patch: www.dell.com ↗Patch: www.dell.com ↗

🔴Vulnerability Details

GHSA

GHSA-w4w2-h239-q4jx: Dell PowerScale OneFS, version 9↗2022-04-13

▶

CVEList

CVE-2022-22559: Dell PowerScale OneFS, version 9↗2022-04-12

▶