Numéro d’article: 000200128
High
Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
CVE-2022-29098 | Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
CVE-2022-29098 | Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVE Addressed | Affected Versions | Updated Versions | Link to Update |
CVE-2022-29098 | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS and follow the additional steps in "Workarounds and Mitigations." | PowerScale OneFS Downloads Area |
9.1.0.x, 9.2.1.x, and 9.3.0.x | Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations." |
CVE Addressed | Affected Versions | Updated Versions | Link to Update |
CVE-2022-29098 | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS and follow the additional steps in "Workarounds and Mitigations." | PowerScale OneFS Downloads Area |
9.1.0.x, 9.2.1.x, and 9.3.0.x | Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations." |
CVE addressed | Workarounds and Mitigations |
CVE-2022-29098 | Ensure that the user creation procedure recommends assigning a password to all newly created user accounts which meets your company's complexity requirements. For those accounts that were created before implementing this policy, ensure the users update their password. |
Revision | Date | Description |
1.0 | 2022-04-30 | Initial Release |
PowerScale OneFS
Product Security Information
27 juin 2023
Dell Security Advisory