Headline
CVE-2023-22575: DSA-2023-001: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low-privileged user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-22575 | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low-privileged user may potentially exploit this vulnerability, leading to information disclosure and escalation of privileges. | 8.7 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
| CVE-2023-22574 | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs from the cluster may potentially exploit this vulnerability, leading to information disclosure and denial of service. | 8.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
| CVE-2023-22573 | Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low-privileged local attacker may potentially exploit this vulnerability, leading to sensitive information disclosure. | 7.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L |
| CVE-2023-22572 | Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password API. A low-privileged local attacker may potentially exploit this vulnerability, leading to system takeover. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
|---|---|---|---|---|
| CVE-2023-22575 | PowerScale OneFS | 9.1.0.0 through 9.1.0.26; 9.2.1.0 through 9.2.1.19; 9.4.0.0 through 9.4.0.10 | Download and install the latest RUP. >= 9.1.0.27; >= 9.2.1.20; >= 9.4.0.11 | PowerScale OneFS Downloads Area |
| CVE-2023-22575 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS. | |
| CVE-2023-22574 | PowerScale OneFS | 9.1.0.0 through 9.1.0.26; 9.2.1.0 through 9.2.1.19; 9.4.0.0 through 9.4.0.10 | Download and install the latest RUP. >= 9.1.0.27; >= 9.2.1.20; >= 9.4.0.11 | |
| CVE-2023-22574 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS. | |
| CVE-2023-22573 | PowerScale OneFS | 9.1.0.0 through 9.1.0.26; 9.2.1.0 through 9.2.1.19; 9.4.0.0 through 9.4.0.10 | Download and install the latest RUP. >= 9.1.0.27; >= 9.2.1.20; >= 9.4.0.11 | |
| CVE-2023-22573 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS. | |
| CVE-2023-22572 | PowerScale OneFS | 9.1.0.0 through 9.1.0.26; 9.2.1.0 through 9.2.1.19; 9.4.0.0 through 9.4.0.10 | Download and install the latest RUP. >= 9.1.0.27; >= 9.2.1.20; >= 9.4.0.11 | |
| CVE-2023-22572 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS. | |
Note: All above CVEs are addressed in the newly released PowerScale OneFS version 9.5.0.0.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-01-31 | Initial Release |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
31 Jan 2023