Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.
References
Link | Resource |
---|---|
https://www.dell.com/support/kbdoc/000190408 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Aug 2021, 00:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://www.dell.com/support/kbdoc/000190408 - Patch, Vendor Advisory | |
CWE | CWE-78 | |
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 6.7 |
16 Aug 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-16 22:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-21599
Mitre link : CVE-2021-21599
CVE.ORG link : CVE-2021-21599
JSON object : View
Products Affected
dell
- emc_powerscale_onefs
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')