Описание
Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application’s direct control.
Ссылки
- MitigationVendor Advisory
- MitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:dell:emc_powerscale_onefs:8.1.2:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_powerscale_onefs:8.1.3:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_powerscale_onefs:9.0.0.0:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_powerscale_onefs:9.1.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 18%
0.00056
Низкий
4.4 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-426
CWE-426
Связанные уязвимости
github
больше 3 лет назад
Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application’s direct control.
EPSS
Процентиль: 18%
0.00056
Низкий
4.4 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-426
CWE-426