DSA-2024-453: Security Update for Dell PowerScale OneFS Multiple Security Vulnerabilities

摘要: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

法律免责声明

受影响的产品

提供反馈

本文适用于本文不适用于本文并非针对某种特定的产品。本文并非包含所有产品版本。

查看其他资源

影响

High

详情

Third-Party Component	CVEs	More information
FreeBSD	CVE-2024-43102	https://nvd.nist.gov/vuln/search
Apache HTTP Server	CVE-2024-38477, CVE-2024-38474, CVE-2024-38475, CVE-2024-38473, CVE-2024-39573	https://nvd.nist.gov/vuln/search
follow_redirect	CVE-2024-28849	https://nvd.nist.gov/vuln/search
Apache Portable Runtime	CVE-2023-49582	https://nvd.nist.gov/vuln/search

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-26481	Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to denial of service.	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-49602	Dell PowerScale OneFS, versions 9.4.0.0 through 9.8.0.0, contains an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2024-49603	Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an incorrect specified argument vulnerability. A remote low privileged legitimate user could potentially exploit this vulnerability, leading to information disclosure.	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2024-42426	Dell PowerScale OneFS, versions 9.5.0.0 through 9.8.0.0, contains an uncontrolled resource consumption vulnerability. A low privilege remote attacker could potentially exploit this vulnerability, leading to denial of service.	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-26481	Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to denial of service.	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-49602	Dell PowerScale OneFS, versions 9.4.0.0 through 9.8.0.0, contains an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2024-49603	Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an incorrect specified argument vulnerability. A remote low privileged legitimate user could potentially exploit this vulnerability, leading to information disclosure.	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2024-42426	Dell PowerScale OneFS, versions 9.5.0.0 through 9.8.0.0, contains an uncontrolled resource consumption vulnerability. A low privilege remote attacker could potentially exploit this vulnerability, leading to denial of service.	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数，这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

CVEs Addressed	Product	Affected Versions	Remediated Versions	Link
CVE-2024-43102, CVE-2024-38477, CVE-2024-38474, CVE-2024-38475, CVE-2024-38473, CVE-2024-39573, CVE-2024-28849, CVE-2024-49602, CVE-2023-49582, CVE-2024-49603, CVE-2025-26481	PowerScale OneFS	Versions 9.4.0.0 through 9.7.1.2	Versions 9.7.1.7 or later	PowerScale OneFS Downloads Area
CVE-2024-43102, CVE-2025-26481, CVE-2024-38477, CVE-2024-38474, CVE-2024-38475, CVE-2024-38473, CVE-2024-39573, CVE-2024-28849, CVE-2024-49602	PowerScale OneFS	Versions 9.5.0.0 through 9.5.1.0	Versions 9.5.1.3 or later	PowerScale OneFS Downloads Area
CVE-2024-42426	PowerScale OneFS	Versions 9.5.0.0 through 9.7.1.2	Versions 9.7.1.7 or later	PowerScale OneFS Downloads Area
CVE-2024-49602	PowerScale OneFS	Version 9.8.0.0	Versions 9.8.0.3 or later	PowerScale OneFS Downloads Area
CVE-2024-28849, CVE-2024-49602, CVE-2024-42426	PowerScale OneFS	Version 9.8.0.0	Versions 9.9.0.2 or later	PowerScale OneFS Downloads Area
CVE-2025-26481, CVE-2024-49603	PowerScale OneFS	Version 9.8.0.0 through 9.9.0.0	Versions 9.9.0.2 or later	PowerScale OneFS Downloads Area
CVE-2024-43102, CVE-2024-38477, CVE-2024-38474, CVE-2024-38475, CVE-2024-38473, CVE-2024-39573, CVE-2023-49582, CVE-2023-50782, CVE-2023-52425	PowerScale OneFS	Versions 9.8.0.0 through 9.9.0.1	Versions 9.10.1.2 or later	PowerScale OneFS Downloads Area

CVEs Addressed	Product	Affected Versions	Remediated Versions	Link
CVE-2024-43102, CVE-2024-38477, CVE-2024-38474, CVE-2024-38475, CVE-2024-38473, CVE-2024-39573, CVE-2024-28849, CVE-2024-49602, CVE-2023-49582, CVE-2024-49603, CVE-2025-26481	PowerScale OneFS	Versions 9.4.0.0 through 9.7.1.2	Versions 9.7.1.7 or later	PowerScale OneFS Downloads Area
CVE-2024-43102, CVE-2025-26481, CVE-2024-38477, CVE-2024-38474, CVE-2024-38475, CVE-2024-38473, CVE-2024-39573, CVE-2024-28849, CVE-2024-49602	PowerScale OneFS	Versions 9.5.0.0 through 9.5.1.0	Versions 9.5.1.3 or later	PowerScale OneFS Downloads Area
CVE-2024-42426	PowerScale OneFS	Versions 9.5.0.0 through 9.7.1.2	Versions 9.7.1.7 or later	PowerScale OneFS Downloads Area
CVE-2024-49602	PowerScale OneFS	Version 9.8.0.0	Versions 9.8.0.3 or later	PowerScale OneFS Downloads Area
CVE-2024-28849, CVE-2024-49602, CVE-2024-42426	PowerScale OneFS	Version 9.8.0.0	Versions 9.9.0.2 or later	PowerScale OneFS Downloads Area
CVE-2025-26481, CVE-2024-49603	PowerScale OneFS	Version 9.8.0.0 through 9.9.0.0	Versions 9.9.0.2 or later	PowerScale OneFS Downloads Area
CVE-2024-43102, CVE-2024-38477, CVE-2024-38474, CVE-2024-38475, CVE-2024-38473, CVE-2024-39573, CVE-2023-49582, CVE-2023-50782, CVE-2023-52425	PowerScale OneFS	Versions 9.8.0.0 through 9.9.0.1	Versions 9.10.1.2 or later	PowerScale OneFS Downloads Area

Note: The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

We encourage all customers to adopt the Long-Term Support (LTS) 2025 version which is 9.10.x code line, with the latest maintenance MR 9.10.1.2.

For more information on code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary.

解决方法和缓解措施

None

修订历史记录

Revision	Date	Description
1.0	2024-12-04	Initial Release
2.0	2024-12-10	Updated to process external notifications with no changes to content
3.0	2024-12-10	Updated for enhanced presentation with no changes to content
4.0	2025-01-16	Updated DSA to include PowerScale OneFS 9.5.1.2 and 9.10.0.0 release information
5.0	2025-01-17	Updated to process external notifications with no changes to content
6.0	2025-05-13	Updated DSA to remove EOL affected versions 9.4.0.x, include a new CVE and adjust format.
7.0	2025-05-15	Updated DSA to adjust remediated version from 9.10.0.2 to 9.10.1.2

法律免责声明

受影响的产品

Isilon, PowerScale OneFS

文章编号: 000256645

文章类型: Dell Security Advisory

上次修改时间: 15 5月 2025

DSA-2024-453: Security Update for Dell PowerScale OneFS Multiple Security Vulnerabilities

摘要: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

相关信息

法律免责声明

受影响的产品

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

DSA-2024-453: Security Update for Dell PowerScale OneFS Multiple Security Vulnerabilities

摘要: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

详细文章

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务