Vulnerabilities > EMC > Isilon Onefs > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-12-20 CVE-2017-14387 Unspecified vulnerability in EMC Isilon Onefs
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports.
network
low complexity
emc
6.5
6.5
2017-12-13 CVE-2017-14380 Improper Privilege Management vulnerability in EMC Isilon Onefs
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode.
local
low complexity
emc CWE-269
6.7
6.7
2017-10-18 CVE-2017-8024 Cross-site Scripting vulnerability in EMC Isilon Onefs
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-79
6.1
6.1
2017-01-23 CVE-2016-9870 LDAP Injection vulnerability in EMC Isilon Onefs
EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.
local
low complexity
emc CWE-90
6.7
6.7
2016-06-04 CVE-2016-0908 Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.
local
low complexity
emc CWE-264
6.7
6.7
2016-05-30 CVE-2016-0907 7PK - Security Features vulnerability in EMC Isilon Onefs and Isilonsd Edge Onefs
EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.
network
high complexity
emc CWE-254
5.9
5.9