DSA-2021-064: Dell EMC PowerScale OneFS Security Update for Multiple Vulnerabilities
Summary: Dell EMC PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21527 | Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | 6.0 | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2021-21550 | Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | 6.0 | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
Affected Products and Remediation
| CVE(s) Addressed | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2021-21527 | 9.0.0.x | Upgrade your version of OneFS | PowerScale Download Area |
| CVE-2021-21527 | 9.1.0.x | Download and install the April RUP | PowerScale Download Area |
| CVE-2021-21550 | 8.1.1, 8.2.1, and 9.0.0.x | Upgrade your version of OneFS | PowerScale Download Area |
| CVE-2021-21550 | 8.1.2, 8.2.2, and 9.1.0.x | Download and install the April RUP | PowerScale Download Area |
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Workarounds and Mitigations
| CVE ID | Workaround(s) or Mitigation(s) |
| CVE-2021-21527 | None. Note: This is only a concern if you have enabled SmartLock Compliance Mode. |
| CVE-2021-21550 | None. Note: This is only a concern if you have enabled SmartLock Compliance Mode. |
Revision History
| Revision | Date | Description |
| 1.0 | 2021-05-03 | Initial Release |
Affected Products
Product Security Information
Article Properties
Article Number: 000185978
Article Type: Dell Security Advisory
Last Modified: 18 Sep 2025