Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-26851

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-08 Apr, 2022 | 19:50
Updated At-16 Sep, 2024 | 16:58
Rejected At-
Credits

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:08 Apr, 2022 | 19:50
Updated At:16 Sep, 2024 | 16:58
Rejected At:
▼CVE Numbering Authority (CNA)

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.

Affected Products
Vendor
Dell Inc.Dell
Product
PowerScale OneFS
Versions
Affected
  • From unspecified before 8.2.x, 9.0.0.x, 9.1.0.x, 9.1.1.x (Super Tubes), 9.2.0.x (Empire), 9.2.1.x (Flying Scotsman), 9.3.0.x (Gotham), (custom)
Problem Types
TypeCWE IDDescription
CWECWE-330CWE-330: Use of Insufficiently Random Values
Type: CWE
CWE ID: CWE-330
Description: CWE-330: Use of Insufficiently Random Values
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities
x_refsource_MISC
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:08 Apr, 2022 | 20:15
Updated At:14 Apr, 2022 | 19:02

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Secondary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Primary2.06.4MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.4
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P
CPE Matches
Dell Inc.
dell
>>emc_powerscale_onefs>>Versions from 8.2.2(inclusive) to 9.3.0.0(inclusive)
cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-330Primarynvd@nist.gov
CWE-330Secondarysecurity_alert@emc.com
CWE ID: CWE-330
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-330
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilitiessecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2025-24383
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-8.92% / 92.22%
||
7 Day CHG-8.73%
Published-28 Mar, 2025 | 01:24
Updated-08 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2006-2113
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-2.35% / 84.25%
||
7 Day CHG~0.00%
Published-25 Aug, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server.

Action-Not Available
Vendor-fuji_xeroxn/aDell Inc.
Product-docuprint_181_network_option_card3000cnfuji_xerox_printing_systems_print_enginedocuprint_c830_network_option_carddocuprint_211docuprint_c1616_network_option_card3100cn3110cndocuprint_c525a_network_option_carddocuprint_1815110cnphaser_6201jdocuprint_c1616docuprint_c830docuprint_211_network_option_carddocuprint_c2535a3010cndocuprint_c525a5100cnn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-3723
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-0.43% / 61.77%
||
7 Day CHG~0.00%
Published-06 Jun, 2019 | 19:14
Updated-16 Sep, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Web Parameter Tampering Vulnerability

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_server_administratorOpenManage Server Administrator
CWE ID-CWE-20
Improper Input Validation
CVE-2024-25943
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-2.79% / 85.52%
||
7 Day CHG~0.00%
Published-29 Jun, 2024 | 12:52
Updated-03 Feb, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9Integrated Dell Remote Access Controller 9integrated_dell_remote_access_controller_9_firmware
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2021-36294
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 46.21%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 22:15
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user.

Action-Not Available
Vendor-Dell Inc.
Product-vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX Control Station
CWE ID-CWE-331
Insufficient Entropy
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2020-5365
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.06%
||
7 Day CHG~0.00%
Published-20 May, 2020 | 20:45
Updated-16 Sep, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-341
Predictable from Observable State
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2020-35163
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.74% / 71.96%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2023-3373
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.48% / 63.93%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 23:44
Updated-27 Feb, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gt21_firmwaregs21_firmwaregt21gs21GOT2000 Series GT21 modelGOT SIMPLE Series GS21 model
CWE ID-CWE-342
Predictable Exact Value from Previous Values
CWE ID-CWE-330
Use of Insufficiently Random Values
Details not found