CVE-2022-22563

EPSS 0.04%
Veröffentlicht 08.04.2022 20:15:09
Zuletzt bearbeitet 21.11.2024 06:47:02
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Emc Powerscale Onefs Version >= 8.2.0 <= 9.3.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.124

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N
security_alert@emc.com	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CWE-223 Omission of Security-relevant Information

The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.

https://www.dell.com/support/kbdoc/000196657

Vendor Advisory

Permissions Required

https://www.dell.com/support/kbdoc/en-an/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22563

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22563

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22563

EUVD