CVE-2022-31238

Published: Aug 22, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.

Affected (4)

Products: Dell: Emc Powerscale Onefs

Dell

1 product

Emc Powerscale Onefs

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Powerscale Onefs	From 9.1.0.0 to 9.1.0.19
Dell Emc Powerscale Onefs	From 9.2.1.0 to 9.2.1.12
Dell Emc Powerscale Onefs	From 9.3.0.0 to 9.3.0.6
Dell Emc Powerscale Onefs	From 9.4.0.0 to 9.4.0.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.dell.com/support/kbdoc/en-gh/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-gh/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.