High
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2021-36350 | Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication. | 5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Third-party Component | CVEs | More information |
OpenSSL | CVE-2021-3712 | https://nvd.nist.gov/vuln/detail/CVE-2021-3712 |
Intel Platform | Multiple CVEs | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html |
cURL | Multiple CVEs | https://curl.se/docs/vuln-7.78.0.html |
Python | CVE-2021-23336 | https://nvd.nist.gov/vuln/detail/CVE-2021-23336 |
CVEs Addressed | | Updated Versions | Link to Update |
CVE-2021-3712 (OpenSSL) | 8.2.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | PowerScale OneFS Downloads Area |
CVE-2021-3712 (OpenSSL) | 9.3.0.x | Available from December (or later) RUP | |
CVE-2021-3712 (OpenSSL) | 9.1.0.x and 9.2.1.x | Download and install the latest RUP | |
Multiple CVEs (Intel) | All supported OneFS versions | Download and install the latest NFP for your node types | |
Multiple CVEs (cURL) | 8.2.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | |
Multiple CVEs (cURL) | 9.3.0.x | Download and install December (or later) RUP | |
Multiple CVEs (cURL) | 9.1.0.x and 9.2.1.x | Download and install the latest RUP | |
CVE-2021-23336 (Python) | 8.2.1.x, 9.0.0.x, 9.1.1.x, 9.2.0.x | Upgrade your version of OneFS | |
CVE-2021-23336 (Python) | 9.3.0.x | Download and install December (or later) RUP | |
CVE-2021-23336 (Python) | 8.2.x, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP | |
CVE-2021-36350 (PowerScale OneFS) | 8.2.1.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | |
CVE-2021-36350 (PowerScale OneFS) | 9.3.0.x | Download and install December (or later) RUP | |
CVE-2021-36350 (PowerScale OneFS) | 8.2.2, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP | |
CVEs Addressed | Workarounds or Mitigations |
CVE-2021-3712 (OpenSSL) | Avoid granting the ISI_PRIV_AUTH_SSH RBAC role to non-administrators. |
Multiple CVEs (Intel) | None |
Multiple CVEs (cURL) | None |
CVE-2021-23336 (Python) | None |
CVE-2021-36350 (PowerScale OneFS) | Avoid configuring DUO for groups with spaces in their name, until you have patched your OneFS installation. |
Revision | Date | Description |
1.0 | 2021-12-06 | Initial Release |