Critical
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2022-31229 | Dell PowerScale OneFS, versions 8.2.x through 9.3.0.x, contain an error message with sensitive information vulnerability. An administrator may potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. | 9.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
CVE-2022-31230 | Dell PowerScale OneFS, versions 8.2.x through 9.3.0.x, contain a broken or risky cryptographic algorithm vulnerability. A remote unprivileged malicious attacker may potentially exploit this vulnerability, leading to full system access. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Third-party Component | CVEs | More information |
Libexpat | CVE-2013-0340 CVE-2018-20843 CVE-2019-15903 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 | See NVD for individual scores. |
OpenSSL | CVE-2022-0778 | See NVD for individual score. |
CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
CVE-2013-0340 CVE-2018-20843 CVE-2019-15903 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 | libexpat | 9.1.0.x, 9.2.1.x, and 9.4.0.x | Download and install the latest RUP. | PowerScale OneFS Downloads Area |
 | | 9.3.0.x | RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS. | |
 | | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS. | |
CVE-2022-0778 | OpenSSL | 9.1.0.x, 9.2.1.x, and 9.4.0.x | Download and install the latest RUP. | |
 | | 9.3.0.x | RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS. | |
 | | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS. | |
CVE-2022-31230 | OneFS | 9.1.0.x and 9.2.1.x | Download and install the latest RUP. | |
 | | 9.3.0.x | RUP expected in October. If a fix is needed sooner, upgrade your version of OneFS. | |
 | | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS. | |
CVE-2022-31229 | OneFS | 9.1.0.x and 9.2.1.x | Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". | |
 | | 9.3.0.x | RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS. | |
 | | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS and follow the additional steps in "Workarounds and Mitigations". | |
CVE addressed | Workaround and Mitigation |
CVE-2022-31229 | In addition to upgrading your version of OneFS or downloading and installing the latest RUP, Dell recommends changing your Dell account password. If the password for your Dell account was used as a password elsewhere, Dell recommends changing these passwords and does not recommend using the same password on multiple accounts or programs. If your Dell account is used by other clients or accounts, they must be updated with the new password. |
Revision | Date | Description |
1.1 | 2022-06-16 | Initial release |