First published: Wed Feb 01 2023(Updated: )
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell EMC PowerScale OneFS | >=9.1.0.0<9.1.0.27 | |
Dell EMC PowerScale OneFS | >=9.2.1.0<9.2.1.20 | |
Dell EMC PowerScale OneFS | >=9.4.0.0<9.4.0.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2023-22574.
The affected software is Dell EMC PowerScale OneFS versions 9.0.0.x - 9.4.0.x.
The severity of CVE-2023-22574 is high with a CVSS score of 8.1.
This vulnerability could lead to information disclosure and denial of service.
To fix this vulnerability, apply the security updates provided by Dell in the following advisory: [Dell PowerScale OneFS Security Updates](https://www.dell.com/support/kbdoc/en-us/000207863/dell-powerscale-onefs-security-updates-for-multiple-security).