CVE-2022-22565 — Improper Authorization of Index Containing Sensitive Information in Dell EMC Powerscale Onefs

CWE-612 — Improper Authorization of Index Containing Sensitive Information3 documents3 sources

Severity

3.8LOWNVD

CNA4.7

EPSS

0.1%

top 67.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC Powerscale Onefs Dell Powerscale Onefs

Timeline

PublishedApr 12

Latest updateApr 13

Description

Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.5

Affected Packages2 packages

▶NVDdell/emc_powerscale_onefs8.2.0 — 9.3.0

▶CVEListV5dell/powerscale_onefs9.0.0-9.3.0

Patches

Patch: www.dell.com ↗Patch: www.dell.com ↗

🔴Vulnerability Details

GHSA

GHSA-wrpc-h3jg-5c2x: Dell PowerScale OneFS, versions 9↗2022-04-13

▶

CVEList

CVE-2022-22565: Dell PowerScale OneFS, versions 9↗2022-04-12

▶