var-202108-1862
Vulnerability from variot
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS that allows users using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE to access privileged information about the cluster
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1862", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "emc powerscale onefs", "scope": "lte", "trust": 1.0, "vendor": "dell", "version": "9.2.1" }, { "model": "emc powerscale onefs", "scope": "gte", "trust": 1.0, "vendor": "dell", "version": "9.0.0.0" }, { "model": "emc powerscale onefs", "scope": "eq", "trust": 1.0, "vendor": "dell", "version": "8.2.2" }, { "model": "emc powerscale onefs", "scope": null, "trust": 0.8, "vendor": "\u30c7\u30eb", "version": null }, { "model": "emc powerscale onefs", "scope": "eq", "trust": 0.8, "vendor": "\u30c7\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010666" }, { "db": "NVD", "id": "CVE-2021-36280" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.2.1", "versionStartIncluding": "9.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-36280" } ] }, "cve": "CVE-2021-36280", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-36280", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-397097", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "security_alert@emc.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.1, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-36280", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-36280", "trust": 1.8, "value": "MEDIUM" }, { "author": "security_alert@emc.com", "id": "CVE-2021-36280", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202108-1494", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-397097", "trust": 0.1, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2021-36280", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-397097" }, { "db": "VULMON", "id": "CVE-2021-36280" }, { "db": "JVNDB", "id": "JVNDB-2021-010666" }, { "db": "NVD", "id": "CVE-2021-36280" }, { "db": "NVD", "id": "CVE-2021-36280" }, { "db": "CNNVD", "id": "CNNVD-202108-1494" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS that allows users using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE to access privileged information about the cluster", "sources": [ { "db": "NVD", "id": "CVE-2021-36280" }, { "db": "JVNDB", "id": "JVNDB-2021-010666" }, { "db": "VULHUB", "id": "VHN-397097" }, { "db": "VULMON", "id": "CVE-2021-36280" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-36280", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2021-010666", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202108-1494", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-397097", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-36280", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-397097" }, { "db": "VULMON", "id": "CVE-2021-36280" }, { "db": "JVNDB", "id": "JVNDB-2021-010666" }, { "db": "NVD", "id": "CVE-2021-36280" }, { "db": "CNNVD", "id": "CNNVD-202108-1494" } ] }, "id": "VAR-202108-1862", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-397097" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:32:33.169000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-2021-142", "trust": 0.8, "url": "https://www.dell.com/support/kbdoc/ja-jp/000190408/dsa-2021-142-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities" }, { "title": "Dell EMC PowerScale Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=160726" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010666" }, { "db": "CNNVD", "id": "CNNVD-202108-1494" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-732", "trust": 1.1 }, { "problemtype": "Improper permission assignment for critical resources (CWE-732) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-397097" }, { "db": "JVNDB", "id": "JVNDB-2021-010666" }, { "db": "NVD", "id": "CVE-2021-36280" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://www.dell.com/support/kbdoc/000190408" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36280" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/732.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-397097" }, { "db": "VULMON", "id": "CVE-2021-36280" }, { "db": "JVNDB", "id": "JVNDB-2021-010666" }, { "db": "NVD", "id": "CVE-2021-36280" }, { "db": "CNNVD", "id": "CNNVD-202108-1494" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-397097" }, { "db": "VULMON", "id": "CVE-2021-36280" }, { "db": "JVNDB", "id": "JVNDB-2021-010666" }, { "db": "NVD", "id": "CVE-2021-36280" }, { "db": "CNNVD", "id": "CNNVD-202108-1494" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-16T00:00:00", "db": "VULHUB", "id": "VHN-397097" }, { "date": "2021-08-16T00:00:00", "db": "VULMON", "id": "CVE-2021-36280" }, { "date": "2022-07-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-010666" }, { "date": "2021-08-16T22:15:07.883000", "db": "NVD", "id": "CVE-2021-36280" }, { "date": "2021-08-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-1494" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-25T00:00:00", "db": "VULHUB", "id": "VHN-397097" }, { "date": "2021-08-25T00:00:00", "db": "VULMON", "id": "CVE-2021-36280" }, { "date": "2022-07-06T08:42:00", "db": "JVNDB", "id": "JVNDB-2021-010666" }, { "date": "2021-08-25T01:15:12.207000", "db": "NVD", "id": "CVE-2021-36280" }, { "date": "2021-08-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-1494" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-1494" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dell\u00a0EMC\u00a0PowerScale\u00a0OneFS\u00a0 Vulnerability in improper permission assignment for critical resources in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010666" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-1494" } ], "trust": 0.6 } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.