CVE-2022-31239Log File Information Exposure in Dell Powerscale Onefs

CWE-532Log File Information Exposure3 documents3 sources
Severity
4.4MEDIUMNVD
CNA6.7
EPSS
0.1%
top 77.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Powerscale OnefsDell EMC Powerscale Onefs
Timeline
PublishedOct 21

Description

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5dell/powerscale_onefsunspecified9.3.0.x
NVDdell/emc_powerscale_onefs9.1.0.09.1.0.19+2

Patches

Patch: www.dell.comPatch: www.dell.com

🔴Vulnerability Details

2
CVEList
CVE-2022-31239: Dell PowerScale OneFS, versions 92022-10-21
GHSA
GHSA-mgh9-332f-65f9: Dell PowerScale OneFS, versions 92022-10-21
CVE-2022-31239 — Log File Information Exposure in Dell | cvebase