cvelist / Dell / CVELIST:CVE-2021-21562
History: Aug 02, 2021 - 11:45 p.m.

CVE-2021-21562

2021-08-02 23:45:16
CWE-426
dell
www.cve.org
5
dell emc powerscale onefs
untrusted search path
vulnerability
user
untrusted path
application's direct control

CVSS3: 4.4

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score: 5
Confidence: High

EPSS: 0
Percentile: 12.6%

Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path, which can lead to running resources that are not under the application's direct control.

CNA Affected

[
  {
    "product": "PowerScale OneFS",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "8.1.2, 8.1.3, 9.1.0.x, 9.0.0.x"
      }
    ]
  }
]
