DSA-2021-123: Dell PowerScale OneFS Security Update for multiple vulnerabilities
摘要: Dell PowerScale OneFS remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
Critical
详情
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21567 | Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege. Since this also affects Compliance mode, this is a critical vulnerability and Dell recommends upgrading at the earliest opportunity. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component | CVE | More information |
| Python | CVE-2021-3177 | See Advisory: Python Issue 42938 |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21567 | Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege. Since this also affects Compliance mode, this is a critical vulnerability and Dell recommends upgrading at the earliest opportunity. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component | CVE | More information |
| Python | CVE-2021-3177 | See Advisory: Python Issue 42938 |
受影响的产品和补救措施
| CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3177 | 8.1.x, 8.2x, 9.0.0.x, and 9.2.0 | Upgrade your version of OneFS | PowerScale Downloads Area |
| 8.1.2, 8.2.2, and 9.1.0.x | Download and install the relevant GA-RUP_2021-06 | ||
| CVE-2021-21567 | 9.0.0.x | Upgrade your version of OneFS | |
| 9.1.0.x | Download and install the relevant GA-RUP_2021-06 |
| CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3177 | 8.1.x, 8.2x, 9.0.0.x, and 9.2.0 | Upgrade your version of OneFS | PowerScale Downloads Area |
| 8.1.2, 8.2.2, and 9.1.0.x | Download and install the relevant GA-RUP_2021-06 | ||
| CVE-2021-21567 | 9.0.0.x | Upgrade your version of OneFS | |
| 9.1.0.x | Download and install the relevant GA-RUP_2021-06 |
修订历史记录
| Revision | Date | Description |
| 1.0 | 2021-07-12 | Initial Release |
相关信息
法律免责声明
受影响的产品
PowerScale OneFS, Product Security Information文章属性
文章编号: 000189495
文章类型: Dell Security Advisory
上次修改时间: 15 2月 2022
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。