PT-2022-22148 · Dell · Dell Powerscale Onefs
Published
2022-09-02
·
Updated
2022-09-08
·
CVE-2022-34369
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20
Dell PowerScale OneFS version 9.2.1.13
Dell PowerScale OneFS version 9.3.0.6
Dell PowerScale OneFS version 9.4.0.3
Description
The issue concerns the insertion of sensitive information in log files, which could be exploited by a remote unprivileged attacker, leading to exposure of this sensitive data.
Recommendations
For Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, update to a version that does not contain this vulnerability.
For Dell PowerScale OneFS version 9.2.1.13, update to a version that does not contain this vulnerability.
For Dell PowerScale OneFS version 9.3.0.6, update to a version that does not contain this vulnerability.
For Dell PowerScale OneFS version 9.4.0.3, update to a version that does not contain this vulnerability.
As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Powerscale Onefs