Vulnerabilities > EMC > Isilon Onefs > 7.2.1.5

DATE CVE VULNERABILITY TITLE RISK
2017-12-13 CVE-2017-14380 Improper Privilege Management vulnerability in EMC Isilon Onefs
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode.
local
low complexity
emc CWE-269
7.2
2017-10-18 CVE-2017-8024 Cross-site Scripting vulnerability in EMC Isilon Onefs
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system.
network
emc CWE-79
4.3