PT-2021-14637 · Dell · Dell Powerscale Onefs

Published: 2021-08-16 · Updated: 2021-08-25 · CVE-2021-21594

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Dell PowerScale OneFS versions 8.2.2 through 9.1.0.x

Description

The issue is the use of the GET request method with sensitive query strings, potentially leading to the disclosure of sensitive data.

Recommendations

For Dell PowerScale OneFS versions 8.2.2 through 9.1.0.x, upgrade at your earliest opportunity to resolve the issue. As a temporary workaround, consider restricting access to sensitive query strings in GET requests until the upgrade is applied.

Related Identifiers

CVE-2021-21594

Affected Products

Dell Powerscale Onefs