Corrected 2 CVEs

DellEMCProductSecurity 2022-05-11 11:49:15 -04:00
parent 9c827e5cc1
commit 8f8bc718fb
2 changed files with 5 additions and 5 deletions


@ -36,15 +36,15 @@
"description_data": [
{
"lang": "eng",
"value": "Dell EMC PowerScale OneFS versions 8.2.x and 9.1.0.x contain an insertion of sensitive information into log files vulnerability. This means a malicious actor with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges can access privileged information."
"value": "Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.8,
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
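Review bot: The CVSS vector and the description in this record disagree, taking the second line of each repeated pair as the new side. The description names a local user holding ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT, while the vector `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H` scores a network attacker with no privileges. If the network rating is meant to reflect the third-party log consumers mentioned in the last sentence, the description should say so explicitly; otherwise the vector should keep the local, low-privilege metrics (`AV:L` and `PR:L`, as in the previous revision). The `I:H/A:H` metrics also look high for an issue described only as sensitive information exposure and are worth confirming, since downstream triage keys on these fields.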


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contains a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. (of course this is temporary and will need to be adapted/reviewed as we determine the CWE with Srisimha Tummala 's help)"
"value": "Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service."
}
]
},
@ -54,7 +54,7 @@
"description": [
{
"lang": "eng",
"value": "Other"
"value": "CWE-755: Improper Handling of Exceptional Conditions"
}
]
}