Impact
High
Gegevens
Proprietary Code CVE |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2022-29098 |
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. |
8.1 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Proprietary Code CVE |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2022-29098 |
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. |
8.1 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.
CVE Addressed |
Affected Versions |
Updated Versions |
Link to Update |
CVE-2022-29098 |
9.0.0, 9.1.1.x, and 9.2.0.x |
Upgrade your version of OneFS and follow the additional steps in "Workarounds and Mitigations." |
PowerScale OneFS Downloads Area |
9.1.0.x, 9.2.1.x, and 9.3.0.x |
Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations." |
CVE Addressed |
Affected Versions |
Updated Versions |
Link to Update |
CVE-2022-29098 |
9.0.0, 9.1.1.x, and 9.2.0.x |
Upgrade your version of OneFS and follow the additional steps in "Workarounds and Mitigations." |
PowerScale OneFS Downloads Area |
9.1.0.x, 9.2.1.x, and 9.3.0.x |
Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations." |
Tijdelijke oplossingen en risicobeperking
CVE addressed |
Workarounds and Mitigations |
CVE-2022-29098 |
Ensure that the user creation procedure recommends assigning a password to all newly created user accounts which meets your company's complexity requirements. For those accounts that were created before implementing this policy, ensure the users update their password. |
Revisiegeschiedenis
Revision | Date | Description |
1.0 | 2022-04-30 | Initial Release |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Getroffen producten
PowerScale OneFS
Producten
Product Security Information