CVE-2022-32480

Published: Aug 22, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure.

Affected (4)

Products: Dell: Emc Powerscale Onefs

Dell

1 product

Emc Powerscale Onefs

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Powerscale Onefs	From 9.1.0.0 to 9.1.0.19
Dell Emc Powerscale Onefs	From 9.2.1.0 to 9.2.1.12
Dell Emc Powerscale Onefs	From 9.3.0.0 to 9.3.0.6
Dell Emc Powerscale Onefs	From 9.4.0.0 to 9.4.0.2

Related CWEs

CWE-1188

Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References (2)

https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.