var-202208-1466
Vulnerability from variot
Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure. Dell's emc powerscale onefs contains an improper permissions retention vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1466",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc powerscale onefs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "9.3.0.6"
},
{
"model": "emc powerscale onefs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.1.12"
},
{
"model": "emc powerscale onefs",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0"
},
{
"model": "emc powerscale onefs",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.3.0.0"
},
{
"model": "emc powerscale onefs",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "9.2.0 to 9.2.1.12"
},
{
"model": "emc powerscale onefs",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "emc powerscale onefs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "emc powerscale onefs",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "9.3.0.0 to 9.3.0.6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015381"
},
{
"db": "NVD",
"id": "CVE-2022-31237"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.3.0.6",
"versionStartIncluding": "9.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.1.12",
"versionStartIncluding": "9.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31237"
}
]
},
"cve": "CVE-2022-31237",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-31237",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-31237",
"trust": 1.8,
"value": "LOW"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-31237",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-3678",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015381"
},
{
"db": "NVD",
"id": "CVE-2022-31237"
},
{
"db": "NVD",
"id": "CVE-2022-31237"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3678"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure. Dell\u0027s emc powerscale onefs contains an improper permissions retention vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31237"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015381"
},
{
"db": "VULHUB",
"id": "VHN-422933"
},
{
"db": "VULMON",
"id": "CVE-2022-31237"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31237",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015381",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3678",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-422933",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31237",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422933"
},
{
"db": "VULMON",
"id": "CVE-2022-31237"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015381"
},
{
"db": "NVD",
"id": "CVE-2022-31237"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3678"
}
]
},
"id": "VAR-202208-1466",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422933"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:25:57.383000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell PowerScale OneFS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=205392"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3678"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-281",
"trust": 1.1
},
{
"problemtype": "Improper retention of permissions (CWE-281) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422933"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015381"
},
{
"db": "NVD",
"id": "CVE-2022-31237"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31237"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31237/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422933"
},
{
"db": "VULMON",
"id": "CVE-2022-31237"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015381"
},
{
"db": "NVD",
"id": "CVE-2022-31237"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3678"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422933"
},
{
"db": "VULMON",
"id": "CVE-2022-31237"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015381"
},
{
"db": "NVD",
"id": "CVE-2022-31237"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3678"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-422933"
},
{
"date": "2022-08-22T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31237"
},
{
"date": "2023-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015381"
},
{
"date": "2022-08-22T17:15:08.180000",
"db": "NVD",
"id": "CVE-2022-31237"
},
{
"date": "2022-08-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3678"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-422933"
},
{
"date": "2022-08-22T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31237"
},
{
"date": "2023-09-26T08:27:00",
"db": "JVNDB",
"id": "JVNDB-2022-015381"
},
{
"date": "2022-08-24T14:50:08.467000",
"db": "NVD",
"id": "CVE-2022-31237"
},
{
"date": "2022-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3678"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3678"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0emc\u00a0powerscale\u00a0onefs\u00a0 Improper Permission Preservation Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015381"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3678"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.