Sign-up

ID

VAR-202206-2053


CVE

CVE-2022-31229


TITLE

Dell's  powerscale onefs  Vulnerability regarding information leakage due to error messages in

Trust: 0.8

sources: JVNDB: JVNDB-2022-012649

DESCRIPTION

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources

Trust: 1.8

sources: NVD: CVE-2022-31229 // JVNDB: JVNDB-2022-012649 // VULHUB: VHN-422925 // VULMON: CVE-2022-31229

AFFECTED PRODUCTS

vendor:dellmodel:powerscale onefsscope:lteversion:9.3.0.0

Trust: 1.0

vendor:dellmodel:powerscale onefsscope:gteversion:8.2.0

Trust: 1.0

vendor:デルmodel:powerscale onefsscope:eqversion: -

Trust: 0.8

vendor:デルmodel:powerscale onefsscope:eqversion:8.2.0 to 9.3.0.0

Trust: 0.8

vendor:デルmodel:powerscale onefsscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-012649 // NVD: CVE-2022-31229

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-31229
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2022-31229
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-31229
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202206-2736
value: MEDIUM

Trust: 0.6

VULHUB: VHN-422925
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-31229
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-31229
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-422925
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-31229
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-31229
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 5.8
version: 3.1

Trust: 1.0

NVD: CVE-2022-31229
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-422925 // VULMON: CVE-2022-31229 // JVNDB: JVNDB-2022-012649 // CNNVD: CNNVD-202206-2736 // NVD: CVE-2022-31229 // NVD: CVE-2022-31229

PROBLEMTYPE DATA

problemtype:CWE-209

Trust: 1.1

problemtype:Information leakage due to error message (CWE-209) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-422925 // JVNDB: JVNDB-2022-012649 // NVD: CVE-2022-31229

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2736

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-2736

PATCH

title:Dell PowerScale OneFS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199155

Trust: 0.6

sources: CNNVD: CNNVD-202206-2736

EXTERNAL IDS

db:NVDid:CVE-2022-31229

Trust: 3.4

db:JVNDBid:JVNDB-2022-012649

Trust: 0.8

db:CNNVDid:CNNVD-202206-2736

Trust: 0.6

db:VULHUBid:VHN-422925

Trust: 0.1

db:VULMONid:CVE-2022-31229

Trust: 0.1

sources: VULHUB: VHN-422925 // VULMON: CVE-2022-31229 // JVNDB: JVNDB-2022-012649 // CNNVD: CNNVD-202206-2736 // NVD: CVE-2022-31229

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000200681/dsa-2022-118-dell-emc-powerscale-onefs-security-update?lang=en

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-31229

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-31229/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/209.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-422925 // VULMON: CVE-2022-31229 // JVNDB: JVNDB-2022-012649 // CNNVD: CNNVD-202206-2736 // NVD: CVE-2022-31229

SOURCES

db:VULHUBid:VHN-422925
db:VULMONid:CVE-2022-31229
db:JVNDBid:JVNDB-2022-012649
db:CNNVDid:CNNVD-202206-2736
db:NVDid:CVE-2022-31229

LAST UPDATE DATE

2024-08-14T13:53:12.898000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-422925date:2022-07-09T00:00:00
db:VULMONid:CVE-2022-31229date:2022-07-09T00:00:00
db:JVNDBid:JVNDB-2022-012649date:2023-08-31T08:31:00
db:CNNVDid:CNNVD-202206-2736date:2022-07-11T00:00:00
db:NVDid:CVE-2022-31229date:2022-07-09T00:18:04.637

SOURCES RELEASE DATE

db:VULHUBid:VHN-422925date:2022-06-28T00:00:00
db:VULMONid:CVE-2022-31229date:2022-06-28T00:00:00
db:JVNDBid:JVNDB-2022-012649date:2023-08-31T00:00:00
db:CNNVDid:CNNVD-202206-2736date:2022-06-28T00:00:00
db:NVDid:CVE-2022-31229date:2022-06-28T19:15:09.487