CVE-2022-29098

Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:powerscale_onefs:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:9.2.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:9.2.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:powerscale_onefs:9.3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:58

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000200128/dsa-2022-082-dell-emc-powerscale-onefs-security-update?lang=en - Patch, Vendor Advisory () https://www.dell.com/support/kbdoc/en-us/000200128/dsa-2022-082-dell-emc-powerscale-onefs-security-update?lang=en - Patch, Vendor Advisory
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 8.1

Information

Published : 2022-06-01 15:15

Updated : 2024-11-21 06:58


NVD link : CVE-2022-29098

Mitre link : CVE-2022-29098

CVE.ORG link : CVE-2022-29098


JSON object : View

Products Affected

dell

  • powerscale_onefs
CWE
CWE-521

Weak Password Requirements