9.1.0

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dell

CWE-598

NVD

Published: 2021-08-16

Updated: 2021-08-25

Summary

Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell EMC Powerscale Onefs 8.2.2 Dell EMC Powerscale Onefs 9.0.0.0 Dell EMC Powerscale Onefs 9.1.0	3

Common Weakness Enumeration (CWE)

CWE-598 - Information Exposure Through Query Strings in GET Request

References

https://www.dell.com/support/kbdoc/000190408