CVE-2021-21562

MEDIUM

Dell Emc Powerscale Onefs - Untrusted Search Path

Title source: rule

Description

Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application’s direct control.

References (1)

[Mitigation, Vendor Advisory] https://www.dell.com/support/kbdoc/000188148

Scores

CVSS v3 4.4

EPSS 0.0006

EPSS Percentile 17.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-426

Status published

Products (4)

dell/emc_powerscale_onefs 8.1.2

dell/emc_powerscale_onefs 8.1.3

dell/emc_powerscale_onefs 9.0.0.0

dell/emc_powerscale_onefs 9.1.0.0

Published Aug 03, 2021

Tracked Since Feb 18, 2026