CVE-2022-32480 - Vulnerability Details - OpenCVE

Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Emc Powerscale Onefs

Configuration 1 [-]

OR	cpe:2.3:o:dell:emc_powerscale_onefs::::::::
	cpe:2.3:o:dell:emc_powerscale_onefs::::::::
	cpe:2.3:o:dell:emc_powerscale_onefs::::::::
	cpe:2.3:o:dell:emc_powerscale_onefs::::::::

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2022-08-22T16:50:55.935679Z

Updated: 2024-09-16T23:05:58.156Z

Reserved: 2022-06-06T00:00:00

Link: CVE-2022-32480

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-22T17:15:08.320

Modified: 2024-11-21T07:06:24.890

Link: CVE-2022-32480

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "PowerScale OneFS", "vendor": "Dell", "versions": [{"lessThan": "9.1.0.x, 9.2.0.x,, 9.2.1.x, 9.3.0.x", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-06-30T00:00:00", "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1188", "description": "CWE-1188: Insecure Default Initialization of Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-22T16:50:55", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2022-06-30", "ID": "CVE-2022-32480", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PowerScale OneFS", "version": {"version_data": [{"version_affected": "<", "version_value": "9.1.0.x, 9.2.0.x,, 9.2.1.x, 9.3.0.x"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure."}]}, "impact": {"cvss": {"baseScore": 4.3, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-1188: Insecure Default Initialization of Resource"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:39:51.193Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2022-32480", "datePublished": "2022-08-22T16:50:55.935679Z", "dateReserved": "2022-06-06T00:00:00", "dateUpdated": "2024-09-16T23:05:58.156Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C0A982E-C690-4103-B27D-F30C7B913D33", "versionEndIncluding": "9.1.0.19", "versionStartIncluding": "9.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8C6C3D7-DEF8-4299-B2D9-CADFE9CF6FE6", "versionEndIncluding": "9.2.1.12", "versionStartIncluding": "9.2.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "59849B62-4A3A-4249-9FCF-8C076F94DA22", "versionEndIncluding": "9.3.0.6", "versionStartIncluding": "9.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "D61851E6-186E-44BF-BB61-B48AF3A9D836", "versionEndIncluding": "9.4.0.2", "versionStartIncluding": "9.4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure."}, {"lang": "es", "value": "Dell PowerScale OneFS, versiones 9.0.0, hasta 9.1.0.19, 9.2.1.12, 9.3.0.6 y 9.4.0.2 incluy\u00e9ndola, contienen una vulnerabilidad de inicializaci\u00f3n por defecto de un recurso. Un atacante remoto autenticado puede potencialmente explotar esta vulnerabilidad, conllevando a una divulgaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2022-32480", "lastModified": "2024-11-21T07:06:24.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-22T17:15:08.320", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-1188"}], "source": "nvd@nist.gov", "type": "Primary"}]}