CVE-2022-31237Improper Preservation of Permissions in Dell Powerscale Onefs

CWE-281Improper Preservation of Permissions3 documents3 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 86.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Powerscale OnefsDell EMC Powerscale Onefs
Timeline
PublishedAug 22
Latest updateAug 23

Description

Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5dell/powerscale_onefsunspecified9.2.0.x, 9.2.1.x, 9.3.0.x
NVDdell/emc_powerscale_onefs9.2.09.2.1.12+1

🔴Vulnerability Details

2
GHSA
GHSA-vr9c-mcxv-87cw: Dell PowerScale OneFS, versions 92022-08-23
CVEList
CVE-2022-31237: Dell PowerScale OneFS, versions 92022-08-22
CVE-2022-31237 — Improper Preservation of Permissions | cvebase