CVE-2022-22563

EPSS 0.04%
Published 08.04.2022 20:15:09
Last modified 21.11.2024 06:47:02
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Emc Powerscale Onefs Version >= 8.2.0 <= 9.3.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.124

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N
security_alert@emc.com	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CWE-223 Omission of Security-relevant Information

The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.

https://www.dell.com/support/kbdoc/000196657

Vendor Advisory

Permissions Required

https://www.dell.com/support/kbdoc/en-an/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22563

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22563

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22563

EUVD