{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25959", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2024-02-13T05:32:19.480Z", "datePublished": "2024-03-28T17:49:47.793Z", "dateUpdated": "2024-08-16T20:01:09.901Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerScale OneFS", "vendor": "Dell", "versions": [{"lessThanOrEqual": "9.4.0.16", "status": "affected", "version": "9.4.0.0", "versionType": "semver"}, {"lessThanOrEqual": "9.5.0.7", "status": "affected", "version": "9.5.0.0", "versionType": "semver"}, {"lessThanOrEqual": "9.7.0.0", "status": "affected", "version": "9.6.1.0", "versionType": "semver"}, {"lessThanOrEqual": "9.7.0.1", "status": "affected", "version": "9.7.0.0", "versionType": "semver"}]}], "datePublic": "2024-03-28T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges."}], "value": "Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-03-28T17:52:03.526Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:52:06.441Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"}]}, {"affected": [{"vendor": "dell", "product": "powerscale_onefs", "cpes": ["cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "9.4.0.0", "status": "affected", "lessThanOrEqual": "9.4.0.16", "versionType": "semver"}, {"version": "9.5.0.0", "status": "affected", "lessThanOrEqual": "9.5.0.7", "versionType": "semver"}, {"version": "9.6.1.0", "status": "affected", "lessThanOrEqual": "9.7.0.0", "versionType": "semver"}, {"version": "9.7.0.0", "status": "affected", "lessThanOrEqual": "9.7.0.1", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-09T15:12:12.827681Z", "id": "CVE-2024-25959", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T20:01:09.901Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:52:06.441Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25959", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-09T15:12:12.827681Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "powerscale_onefs", "versions": [{"status": "affected", "version": "9.4.0.0", "versionType": "semver", "lessThanOrEqual": "9.4.0.16"}, {"status": "affected", "version": "9.5.0.0", "versionType": "semver", "lessThanOrEqual": "9.5.0.7"}, {"status": "affected", "version": "9.6.1.0", "versionType": "semver", "lessThanOrEqual": "9.7.0.0"}, {"status": "affected", "version": "9.7.0.0", "versionType": "semver", "lessThanOrEqual": "9.7.0.1"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T20:00:59.891Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "9.4.0.0", "versionType": "semver", "lessThanOrEqual": "9.4.0.16"}, {"status": "affected", "version": "9.5.0.0", "versionType": "semver", "lessThanOrEqual": "9.5.0.7"}, {"status": "affected", "version": "9.6.1.0", "versionType": "semver", "lessThanOrEqual": "9.7.0.0"}, {"status": "affected", "version": "9.7.0.0", "versionType": "semver", "lessThanOrEqual": "9.7.0.1"}], "defaultStatus": "unaffected"}], "datePublic": "2024-03-28T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-03-28T17:52:03.526Z"}}}, "cveMetadata": {"cveId": "CVE-2024-25959", "state": "PUBLISHED", "dateUpdated": "2024-08-16T20:01:09.901Z", "dateReserved": "2024-02-13T05:32:19.480Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-03-28T17:49:47.793Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9DD8B8B-4D2C-421B-8C16-304C380599EC", "versionEndExcluding": "9.4.0.17", "versionStartIncluding": "9.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "48D79CD4-DCF3-4E0B-B864-3DDB95384D0E", "versionEndExcluding": "9.5.0.8", "versionStartIncluding": "9.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E642222-C9E1-4DC4-A23A-3DE1C730BEFE", "versionEndExcluding": "9.7.0.2", "versionStartIncluding": "9.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges."}, {"lang": "es", "value": "Dell PowerScale OneFS versiones 9.4.0.x a 9.7.0.x contiene una inserci\u00f3n de informaci\u00f3n confidencial en la vulnerabilidad del archivo de registro. Un atacante local con pocos privilegios podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la divulgaci\u00f3n de informaci\u00f3n confidencial y una escalada de privilegios."}], "id": "CVE-2024-25959", "lastModified": "2025-01-09T16:45:52.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 5.3, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-28T18:15:07.767", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security_alert@emc.com", "type": "Secondary"}]}

{}