PT-2021-21195 · Dell Emc · Dell Emc Powerscale Onefs

Published: 2021-08-16 · Updated: 2022-10-06 · CVE-2021-36278

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell EMC PowerScale OneFS versions 8.2.x through 9.1.1.1

Description

The issue concerns the exposure of sensitive information in log files. A local malicious user with specific privileges, such as ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT, may exploit this to access sensitive information. If third-party systems consume these logs, they will also have access to the same sensitive information.

Recommendations

For Dell EMC PowerScale OneFS versions 8.2.x through 9.1.1.1, consider restricting access to log files to minimize the risk of sensitive information exposure until a patch is available. As a temporary workaround, limit privileges to only those necessary for each user, reducing the potential for exploitation by malicious actors with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges.

Fix

Weakness Enumeration: Insertion into Log File

Related Identifiers: CVE-2021-36278

Affected Products: Dell Emc Powerscale Onefs