CVE-2022-31238Sensitive Information Exposure in Dell Powerscale Onefs

CWE-200Sensitive Information ExposureCWE-668Resource Exposure3 documents3 sources
Severity
5.5MEDIUMNVD
CNA4.7
EPSS
0.1%
top 80.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Powerscale OnefsDell EMC Powerscale Onefs
Timeline
PublishedAug 22
Latest updateAug 23

Description

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5dell/powerscale_onefsunspecified8.2.x, 9.0.0.x, 9.1.0.x, 9.1.1.x, 9.2.0.x, 9.2.1.x, 9.3.0.x
NVDdell/emc_powerscale_onefs9.1.0.09.1.0.19+3

🔴Vulnerability Details

2
GHSA
GHSA-9r73-4w68-qfrw: Dell PowerScale OneFS, versions 92022-08-23
CVEList
CVE-2022-31238: Dell PowerScale OneFS, versions 92022-08-22
CVE-2022-31238 — Sensitive Information Exposure in Dell | cvebase