Details of VAR-202108-0512

ID

VAR-202108-0512

CVE

CVE-2021-21594

TITLE

Dell EMC PowerScale OneFS In GET Vulnerability regarding information leakage from query string in request

Trust: 0.8

sources: JVNDB: JVNDB-2021-010672

DESCRIPTION

Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity. Dell Technologies Dell PowerScale OneFS is an operating system of Dell Technologies in the United States. Offers the PowerScale OneFS operating system for scale-out NAS

Trust: 1.8

sources: NVD: CVE-2021-21594 // JVNDB: JVNDB-2021-010672 // VULHUB: VHN-379998 // VULMON: CVE-2021-21594

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.0.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.1.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	8.2.2	Trust: 1.0
vendor:	デル	model:	emc powerscale onefs	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010672 // NVD: CVE-2021-21594

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21594
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2021-21594
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-21594
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202108-1489
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-379998
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-21594
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21594
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-379998
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21594
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2021-21594
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21594
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-379998 // VULMON: CVE-2021-21594 // JVNDB: JVNDB-2021-010672 // CNNVD: CNNVD-202108-1489 // NVD: CVE-2021-21594 // NVD: CVE-2021-21594

PROBLEMTYPE DATA

problemtype:	CWE-598	Trust: 1.1
problemtype:	GET Information leakage from query string in request (CWE-598) [ others ]	Trust: 0.8

sources: VULHUB: VHN-379998 // JVNDB: JVNDB-2021-010672 // NVD: CVE-2021-21594

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1489

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-1489

PATCH

title:	DSA-2021-142	url:	https://www.dell.com/support/kbdoc/ja-jp/000190408/dsa-2021-142-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	Dell Technologies Dell PowerScale OneFS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160722	Trust: 0.6

sources: JVNDB: JVNDB-2021-010672 // CNNVD: CNNVD-202108-1489

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21594	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010672	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-1489	Trust: 0.7
db:	VULHUB	id:	VHN-379998	Trust: 0.1
db:	VULMON	id:	CVE-2021-21594	Trust: 0.1

sources: VULHUB: VHN-379998 // VULMON: CVE-2021-21594 // JVNDB: JVNDB-2021-010672 // CNNVD: CNNVD-202108-1489 // NVD: CVE-2021-21594

REFERENCES

url:	https://www.dell.com/support/kbdoc/000190408	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21594	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/598.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-379998 // VULMON: CVE-2021-21594 // JVNDB: JVNDB-2021-010672 // CNNVD: CNNVD-202108-1489 // NVD: CVE-2021-21594

SOURCES

db:	VULHUB	id:	VHN-379998
db:	VULMON	id:	CVE-2021-21594
db:	JVNDB	id:	JVNDB-2021-010672
db:	CNNVD	id:	CNNVD-202108-1489
db:	NVD	id:	CVE-2021-21594

LAST UPDATE DATE

2024-08-14T14:50:12.668000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-379998	date:	2021-08-25T00:00:00
db:	VULMON	id:	CVE-2021-21594	date:	2021-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-010672	date:	2022-07-07T01:21:00
db:	CNNVD	id:	CNNVD-202108-1489	date:	2021-08-26T00:00:00
db:	NVD	id:	CVE-2021-21594	date:	2021-08-25T00:40:50.880

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-379998	date:	2021-08-16T00:00:00
db:	VULMON	id:	CVE-2021-21594	date:	2021-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-010672	date:	2022-07-07T00:00:00
db:	CNNVD	id:	CNNVD-202108-1489	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2021-21594	date:	2021-08-16T22:15:07.357