DSA-2021-064: Dell EMC PowerScale OneFS Security Update for Multiple Vulnerabilities
概要: Dell EMC PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
Critical
詳細
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21527 | Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | 6.0 | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2021-21550 | Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | 6.0 | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21527 | Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | 6.0 | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2021-21550 | Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | 6.0 | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
影響を受ける製品と修復
| CVE(s) Addressed | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2021-21527 | 9.0.0.x | Upgrade your version of OneFS | PowerScale Download Area |
| 9.1.0.x | Download and install the April RUP | ||
| CVE-2021-21550 | 8.1.1, 8.2.1, and 9.0.0.x | Upgrade your version of OneFS | |
| 8.1.2, 8.2.2, and 9.1.0.x | Download and install the April RUP |
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
| CVE(s) Addressed | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2021-21527 | 9.0.0.x | Upgrade your version of OneFS | PowerScale Download Area |
| 9.1.0.x | Download and install the April RUP | ||
| CVE-2021-21550 | 8.1.1, 8.2.1, and 9.0.0.x | Upgrade your version of OneFS | |
| 8.1.2, 8.2.2, and 9.1.0.x | Download and install the April RUP |
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
回避策と緩和策
| CVE ID | Workaround(s) or Mitigation(s) |
| CVE-2021-21527 | None. Note: This only is a concern if you have enabled SmartLock Compliance Mode. |
| CVE-2021-21550 | None Note: This only is a concern if you have enabled SmartLock Compliance Mode. |
変更履歴
| Revision | Date | Description |
| 1.0 | 2021-05-03 | Initial Release |
関連情報
法的免責事項
対象製品
Product Security Information文書のプロパティ
文書番号: 000185978
文書の種類: Dell Security Advisory
最終更新: 18 9月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。