CVE-2022-29098

Published: Jun 1, 2022Modified: Feb 20, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.

Affected (6)

Products: Dell: Powerscale Onefs

Dell

1 product

Powerscale Onefs

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Dell Powerscale Onefs	Version 9.0.0
Dell Powerscale Onefs	Version 9.1.0
Dell Powerscale Onefs	Version 9.1.1
Dell Powerscale Onefs	Version 9.2.0
Dell Powerscale Onefs	Version 9.2.1
Dell Powerscale Onefs	Version 9.3.0

Related CWEs

CWE-521

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References (2)

https://www.dell.com/support/kbdoc/en-us/000200128/dsa-2022-082-dell-emc-powerscale-onefs-security-update?lang=en

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/en-us/000200128/dsa-2022-082-dell-emc-powerscale-onefs-security-update?lang=en

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.