Details of VAR-202209-0228

ID

VAR-202209-0228

CVE

CVE-2022-34369

TITLE

Dell's emc powerscale onefs Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016354

DESCRIPTION

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. Dell PowerScale OneFS is an operating system of Dell (Dell). Offers the PowerScale OneFS operating system for scale-out NAS

Trust: 1.8

sources: NVD: CVE-2022-34369 // JVNDB: JVNDB-2022-016354 // VULHUB: VHN-426685 // VULMON: CVE-2022-34369

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.3.0.6	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.1.0.20	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.1.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.2.1.13	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.3.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.4.0.3	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.2.1.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.4.0.0	Trust: 1.0
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	9.1.0.0 to 9.1.0.20	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	9.3.0.0 to 9.3.0.6	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	9.4.0.0 to 9.4.0.3	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	9.2.1.0 to 9.2.1.13	Trust: 0.8

sources: JVNDB: JVNDB-2022-016354 // NVD: CVE-2022-34369

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34369
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-34369
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-34369
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202209-123
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-34369
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-34369
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34369
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-016354 // CNNVD: CNNVD-202209-123 // NVD: CVE-2022-34369 // NVD: CVE-2022-34369

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.1
problemtype:	Information leakage from log files (CWE-532) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-426685 // JVNDB: JVNDB-2022-016354 // NVD: CVE-2022-34369

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-123

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202209-123

PATCH

title:

Dell PowerScale OneFS Repair measures for log information disclosure vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206951

Trust: 0.6

sources: CNNVD: CNNVD-202209-123

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34369	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-016354	Trust: 0.8
db:	CNNVD	id:	CNNVD-202209-123	Trust: 0.7
db:	VULHUB	id:	VHN-426685	Trust: 0.1
db:	VULMON	id:	CVE-2022-34369	Trust: 0.1

sources: VULHUB: VHN-426685 // VULMON: CVE-2022-34369 // JVNDB: JVNDB-2022-016354 // CNNVD: CNNVD-202209-123 // NVD: CVE-2022-34369

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000202171/dsa-2022-172-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34369	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34369/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-426685 // VULMON: CVE-2022-34369 // JVNDB: JVNDB-2022-016354 // CNNVD: CNNVD-202209-123 // NVD: CVE-2022-34369

SOURCES

db:	VULHUB	id:	VHN-426685
db:	VULMON	id:	CVE-2022-34369
db:	JVNDB	id:	JVNDB-2022-016354
db:	CNNVD	id:	CNNVD-202209-123
db:	NVD	id:	CVE-2022-34369

LAST UPDATE DATE

2024-08-14T15:42:14.516000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426685	date:	2022-09-08T00:00:00
db:	VULMON	id:	CVE-2022-34369	date:	2022-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-016354	date:	2023-10-03T08:09:00
db:	CNNVD	id:	CNNVD-202209-123	date:	2022-09-09T00:00:00
db:	NVD	id:	CVE-2022-34369	date:	2022-09-08T12:24:03.433

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426685	date:	2022-09-02T00:00:00
db:	VULMON	id:	CVE-2022-34369	date:	2022-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-016354	date:	2023-10-03T00:00:00
db:	CNNVD	id:	CNNVD-202209-123	date:	2022-09-02T00:00:00
db:	NVD	id:	CVE-2022-34369	date:	2022-09-02T18:15:11.887