First published: Tue Apr 20 2021
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a vulnerability in which the LDAP provider is unable to connect over TLSv1.2. This may make it easier for a malicious actor to eavesdrop on and decrypt such traffic. Note: This does not affect clusters that do not rely on an LDAP server as the authentication provider.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell EMC Isilon OneFS | =8.1.0 | |
Dell EMC Isilon OneFS | =8.1.1 | |
Dell EMC Isilon OneFS | =8.1.2 | |
Dell EMC Isilon OneFS | =8.2.2 | |
CVE-2020-26197 is considered a critical vulnerability due to the potential for eavesdropping and decryption of sensitive traffic.
To fix CVE-2020-26197, ensure that your Dell PowerScale OneFS is updated to a version that supports TLSv1.2 for LDAP connections.
CVE-2020-26197 affects Dell PowerScale OneFS versions 8.1.0 to 9.1.0, specifically those utilizing LDAP for authentication.
CVE-2020-26197 results in an LDAP Provider inability to connect securely over TLSv1.2, exposing communication to potential interception.
CVE-2020-26197 only affects environments that rely on an LDAP server for authentication within specific versions of Dell PowerScale OneFS.