Sign-up

ID

VAR-202302-0068


CVE

CVE-2022-45096


TITLE

Dell PowerScale OneFS  Vulnerability in improperly limiting rendered user interface layers or frames in

Trust: 0.8

sources: JVNDB: JVNDB-2022-012304

DESCRIPTION

Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information

Trust: 1.8

sources: NVD: CVE-2022-45096 // JVNDB: JVNDB-2022-012304 // VULHUB: VHN-442691 // VULMON: CVE-2022-45096

AFFECTED PRODUCTS

vendor:dellmodel:emc powerscale onefsscope:gteversion:9.4.0.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:gteversion:9.1.0.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:ltversion:9.4.0.9

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:gteversion:9.2.1.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:ltversion:9.2.1.18

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:ltversion:9.1.0.25

Trust: 1.0

vendor:デルmodel:emc powerscale onefsscope: - version: -

Trust: 0.8

vendor:デルmodel:emc powerscale onefsscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-012304 // NVD: CVE-2022-45096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-45096
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2022-45096
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-45096
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202302-008
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-45096
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-45096
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-45096
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-012304 // CNNVD: CNNVD-202302-008 // NVD: CVE-2022-45096 // NVD: CVE-2022-45096

PROBLEMTYPE DATA

problemtype:CWE-355

Trust: 1.0

problemtype:CWE-1021

Trust: 1.0

problemtype:Improper restrictions on rendered user interface layers or frames (CWE-1021) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-012304 // NVD: CVE-2022-45096

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-008

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-008

PATCH

title:DSA-2022-295url:https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities

Trust: 0.8

title:Dell PowerScale OneFS Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=224362

Trust: 0.6

title: - url:https://github.com/Live-Hack-CVE/CVE-2022-45096

Trust: 0.1

sources: VULMON: CVE-2022-45096 // JVNDB: JVNDB-2022-012304 // CNNVD: CNNVD-202302-008

EXTERNAL IDS

db:NVDid:CVE-2022-45096

Trust: 3.4

db:JVNDBid:JVNDB-2022-012304

Trust: 0.8

db:CNNVDid:CNNVD-202302-008

Trust: 0.6

db:VULHUBid:VHN-442691

Trust: 0.1

db:VULMONid:CVE-2022-45096

Trust: 0.1

sources: VULHUB: VHN-442691 // VULMON: CVE-2022-45096 // JVNDB: JVNDB-2022-012304 // CNNVD: CNNVD-202302-008 // NVD: CVE-2022-45096

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-45096

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-45096/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2022-45096

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-442691 // VULMON: CVE-2022-45096 // JVNDB: JVNDB-2022-012304 // CNNVD: CNNVD-202302-008 // NVD: CVE-2022-45096

SOURCES

db:VULHUBid:VHN-442691
db:VULMONid:CVE-2022-45096
db:JVNDBid:JVNDB-2022-012304
db:CNNVDid:CNNVD-202302-008
db:NVDid:CVE-2022-45096

LAST UPDATE DATE

2024-08-14T14:54:59.292000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-442691date:2023-02-08T00:00:00
db:VULMONid:CVE-2022-45096date:2023-02-01T00:00:00
db:JVNDBid:JVNDB-2022-012304date:2023-08-29T03:26:00
db:CNNVDid:CNNVD-202302-008date:2023-02-09T00:00:00
db:NVDid:CVE-2022-45096date:2023-11-07T03:54:33.370

SOURCES RELEASE DATE

db:VULHUBid:VHN-442691date:2023-02-01T00:00:00
db:VULMONid:CVE-2022-45096date:2023-02-01T00:00:00
db:JVNDBid:JVNDB-2022-012304date:2023-08-29T00:00:00
db:CNNVDid:CNNVD-202302-008date:2023-02-01T00:00:00
db:NVDid:CVE-2022-45096date:2023-02-01T05:15:12.740