CVE-2021-21568

Name of the Vulnerable Software and Affected Versions Dell EMC PowerScale OneFS versions 8.2.x through 9.2.x

Description The issue is related to insufficient logging, allowing an authenticated user with ISI PRIV LOGIN PAPI privileges to make configuration changes without being audited or tracked. These changes can be made to settings that the user's roles have privileges to change.

Recommendations For Dell EMC PowerScale OneFS versions 8.2.x through 9.2.x, consider implementing additional logging mechanisms to track configuration changes made by users with ISI PRIV LOGIN PAPI privileges until a patch is available. Restrict access to configuration settings to minimize the risk of un-audited changes.