DSA-2022-118: Dell EMC PowerScale OneFS Security Update
Summary: Dell EMC PowerScale OneFS remediation is available for vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-31229 | Dell PowerScale OneFS, versions 8.2.x through 9.3.0.x, contain an error message with sensitive information vulnerability. An administrator may potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. | 9.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
| CVE-2022-31230 | Dell PowerScale OneFS, versions 8.2.x through 9.3.0.x, contain a broken or risky cryptographic algorithm vulnerability. A remote unprivileged malicious attacker may potentially exploit this vulnerability, leading to full system access. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| Libexpat | CVE-2013-0340 CVE-2018-20843 CVE-2019-15903 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 | See NVD for individual scores. |
| OpenSSL | CVE-2022-0778 | See NVD for individual score. |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2013-0340 CVE-2018-20843 CVE-2019-15903 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 | libexpat | 9.1.0.x, 9.2.1.x, and 9.4.0.x | Download and install the latest RUP. | PowerScale OneFS Downloads Area |
| | | 9.3.0.x | RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS. | |
| | | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS. | |
| CVE-2022-0778 | OpenSSL | 9.1.0.x, 9.2.1.x, and 9.4.0.x | Download and install the latest RUP. | |
| | | 9.3.0.x | RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS. | |
| | | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS. | |
| CVE-2022-31230 | OneFS | 9.1.0.x and 9.2.1.x | Download and install the latest RUP. | |
| | | 9.3.0.x | RUP expected in October. If a fix is needed sooner, upgrade your version of OneFS. | |
| | | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS. | |
| CVE-2022-31229 | OneFS | 9.1.0.x and 9.2.1.x | Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". | |
| | | 9.3.0.x | RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS. | |
| | | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS and follow the additional steps in "Workarounds and Mitigations". | |
NOTE: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Workarounds and Mitigations
| CVE addressed | Workaround and Mitigation |
| CVE-2022-31229 | In addition to upgrading your version of OneFS or downloading and installing the latest RUP, Dell recommends changing your Dell account password. If the password for your Dell account was used as a password elsewhere, Dell recommends changing these passwords and does not recommend using the same password on multiple accounts or programs. If your Dell account is used by other clients or accounts, they must be updated with the new password. |
Revision History
| Revision | Date | Description |
| 1.1 | 2022-06-16 | Initial release |
Affected Products
PowerScale OneFS, Product Security Information
Article Properties
Article Number: 000200681
Article Type: Dell Security Advisory
Last Modified: 23 June 2023