CVE-2021-36282
Dell EMC PowerScale OneFS versions 8.2.x – 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions.
Source: CVE-2021-36282
CVE-2021-21568
Dell EMC PowerScale OneFS versions 8.2.x – 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change.
Source: CVE-2021-21568
CVE-2021-36278
Dell EMC PowerScale OneFS versions 8.2.x and 9.1.0.x contain an insertion of sensitive information into log files vulnerability. This means a malicious actor with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges can access privileged information.
Source: CVE-2021-36278
CVE-2021-21599
Dell EMC PowerScale OneFS versions 8.2.x – 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.
Source: CVE-2021-21599
CVE-2021-21595
Dell EMC PowerScale OneFS versions 8.2.x – 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.
Source: CVE-2021-21595
CVE-2021-21594
Dell PowerScale OneFS versions 8.2.2 – 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity.
Source: CVE-2021-21594
CVE-2021-21592
Dell EMC PowerScale OneFS versions 8.2.x – 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure.
Source: CVE-2021-21592
CVE-2021-36281
Dell EMC PowerScale OneFS versions 8.2.x – 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges.
Source: CVE-2021-36281
CVE-2021-36280
Dell EMC PowerScale OneFS versions 8.2.x – 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
Source: CVE-2021-36280
CVE-2021-36279
Dell EMC PowerScale OneFS versions 8.2.x – 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
Source: CVE-2021-36279