Vulnerabilities > CVE-2022-31237 - Improper Preservation of Permissions vulnerability in Dell EMC Powerscale Onefs

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

dell

CWE-281

NVD

Published: 2022-08-22

Updated: 2022-08-24

Summary

Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell EMC Powerscale Onefs 9.3.0.0 Dell EMC Powerscale Onefs 9.3.0.6 Dell EMC Powerscale Onefs 9.2.0 Dell EMC Powerscale Onefs 9.2.0.0 Dell EMC Powerscale Onefs 9.2.1.0	5

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en