CVE-2022-45096

Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:dell:emc_powerscale_onefs::::::::
	cpe:2.3:o:dell:emc_powerscale_onefs::::::::
	cpe:2.3:o:dell:emc_powerscale_onefs::::::::

History

21 Nov 2024, 07:28

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities - Vendor Advisory~~	() https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 5.4

Information

Published : 2023-02-01 05:15

Updated : 2024-11-21 07:28

NVD link : CVE-2022-45096

Mitre link : CVE-2022-45096

CVE.ORG link : CVE-2022-45096

JSON object : View

Products Affected

dell

emc_powerscale_onefs

CWE

CWE-355

User Interface Security Issues

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

{"id": "CVE-2022-45096", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-02-01T05:15:12.740", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-355"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1021"}]}], "descriptions": [{"lang": "en", "value": "\nDell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information.\n\n\n\n\n\n"}], "lastModified": "2024-11-21T07:28:46.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B70E157-0469-4AFC-AEA0-9772934655C1", "versionEndExcluding": "9.1.0.25", "versionStartIncluding": "9.1.0.0"}, {"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB381CD3-FEC0-44D7-A011-070575ECB27B", "versionEndExcluding": "9.2.1.18", "versionStartIncluding": "9.2.1.0"}, {"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "703052FC-339D-4BE6-A549-96B5AFF27DB1", "versionEndExcluding": "9.4.0.9", "versionStartIncluding": "9.4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}