Vulnerability Details : CVE-2022-45098
Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.
Vulnerability category: Information leak
Products affected by CVE-2022-45098
- cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-45098
0.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 4 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-45098
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST | |
|
6.1
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L |
1.3
|
4.7
|
Dell |
CWE ids for CVE-2022-45098
-
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Assigned by: nvd@nist.gov (Primary)
-
The product writes sensitive information to a log file.Assigned by: security_alert@emc.com (Secondary)
References for CVE-2022-45098
Jump to