admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-215xx/CVE-2021-21595.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

142 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-21595",
"sourceIdentifier": "security_alert@emc.com",
"published": "2021-08-16T22:15:07.490",
"lastModified": "2021-08-25T00:43:50.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity."
},
{
"lang": "es",
"value": "Dell EMC PowerScale OneFS versiones 8.2.x - 9.1.1.x, contienen una neutralizaci\u00f3n inapropiada de los elementos especiales usados en un comando del Sistema Operativo. Esta vulnerabilidad podr\u00eda permitir al usuario compadmin elevar sus privilegios. Esto s\u00f3lo afecta a los cl\u00fasteres en modo de cumplimiento Smartlock WORM como una vulnerabilidad cr\u00edtica y Dell recomienda actualizar/mejorar a la mayor brevedad posible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0.0",
"versionEndExcluding": "9.2.0",
"matchCriteriaId": "3FA1981C-C851-4154-B0DC-E4D0C8FF719C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF89B320-6D5A-4E46-A1FA-FCDB31F325C4"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/000190408",
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink