Vulnerabilities > EMC > Isilon Onefs > 7.1.1.0

DATE CVE VULNERABILITY TITLE RISK
2017-12-13 CVE-2017-14380 Improper Privilege Management vulnerability in EMC Isilon Onefs
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode.
local
low complexity
emc CWE-269
7.2
2017-10-18 CVE-2017-8024 Cross-site Scripting vulnerability in EMC Isilon Onefs
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system.
network
emc CWE-79
4.3
2017-06-21 CVE-2017-4988 Remote Privilege Escalation vulnerability in EMC Isilon OneFS
EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
network
low complexity
emc
critical
9.0
2017-03-29 CVE-2017-4980 Path Traversal vulnerability in EMC Isilon Onefs
EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system.
network
low complexity
emc CWE-22
5.0
2017-02-03 CVE-2016-9871 Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs
EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
network
low complexity
emc CWE-264
critical
9.0
2017-01-23 CVE-2016-9870 LDAP Injection vulnerability in EMC Isilon Onefs
EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.
local
low complexity
emc CWE-90
7.2
2016-06-04 CVE-2016-0908 Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.
local
low complexity
emc CWE-264
6.8
2016-05-30 CVE-2016-0907 7PK - Security Features vulnerability in EMC Isilon Onefs and Isilonsd Edge Onefs
EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.
network
emc CWE-254
4.3
2015-12-21 CVE-2015-4545 Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs
EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.
network
low complexity
emc CWE-264
critical
9.0
2015-11-27 CVE-2015-6848 Improper Access Control vulnerability in EMC Isilon Onefs
EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors.
network
emc CWE-284
8.5