Search
Find a vulnerability
Search criteria
5 vulnerabilities found for Container Storage Modules by Dell
CVE-2026-40711 (GCVE-0-2026-40711)
Vulnerability from cvelistv5 – Published: 2026-06-26 12:31 – Updated: 2026-06-26 12:47
VLAI
Summary
Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-za/00047830… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Container Storage Modules |
Affected:
0 , < 2.15.2 or later
(semver)
Affected: 0 , < 2.17.0 or later (semver) |
Date Public
2026-06-18 06:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T12:47:21.617512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T12:47:26.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Container Storage Modules",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.15.2 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.17.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-06-18T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution."
}
],
"value": "Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T12:31:00.184Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-za/000478300/dsa-2026-259-security-update-for-dell-container-storage-modules-multiple-vulnerabilities?msockid=2e06327ba9266050201f2467a8f461dd"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2026-40711",
"datePublished": "2026-06-26T12:31:00.184Z",
"dateReserved": "2026-04-15T05:04:31.837Z",
"dateUpdated": "2026-06-26T12:47:26.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-202210-0919
Vulnerability from variot - Updated: 2024-08-14 15:32Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0919",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "container storage modules",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.0.0"
},
{
"model": "container storage modules",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "1.3.0"
},
{
"model": "container storage modules",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "container storage modules",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "container storage modules",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "1.3.0 that\u0027s all 2.0.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018858"
},
{
"db": "NVD",
"id": "CVE-2022-34427"
}
]
},
"cve": "CVE-2022-34427",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-34427",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-34427",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34427",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34427",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-34427",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-529",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018858"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-529"
},
{
"db": "NVD",
"id": "CVE-2022-34427"
},
{
"db": "NVD",
"id": "CVE-2022-34427"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34427"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018858"
},
{
"db": "VULHUB",
"id": "VHN-426743"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34427",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018858",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-529",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426743",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426743"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018858"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-529"
},
{
"db": "NVD",
"id": "CVE-2022-34427"
}
]
},
"id": "VAR-202210-0919",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426743"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:32:30.496000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell Container Storage Modules Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=210603"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-529"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426743"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018858"
},
{
"db": "NVD",
"id": "CVE-2022-34427"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.dell.com/support/kbdoc/en-vc/000203352/dsa-2022-259-dell-container-storage-modules-security-update-for-multiple-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34427"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34427/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426743"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018858"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-529"
},
{
"db": "NVD",
"id": "CVE-2022-34427"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426743"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018858"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-529"
},
{
"db": "NVD",
"id": "CVE-2022-34427"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-426743"
},
{
"date": "2023-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018858"
},
{
"date": "2022-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-529"
},
{
"date": "2022-10-11T17:15:11.060000",
"db": "NVD",
"id": "CVE-2022-34427"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-426743"
},
{
"date": "2023-10-23T08:13:00",
"db": "JVNDB",
"id": "JVNDB-2022-018858"
},
{
"date": "2022-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-529"
},
{
"date": "2022-10-13T16:16:37.087000",
"db": "NVD",
"id": "CVE-2022-34427"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-529"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0container\u00a0storage\u00a0modules\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018858"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-529"
}
],
"trust": 0.6
}
}
VAR-202208-2199
Vulnerability from variot - Updated: 2024-08-14 14:49Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-2199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "container storage modules",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.3.0"
},
{
"model": "container storage modules",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "container storage modules",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "1.3.0"
},
{
"model": "container storage modules",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016138"
},
{
"db": "NVD",
"id": "CVE-2022-34375"
}
]
},
"cve": "CVE-2022-34375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-34375",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-34375",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-34375",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34375",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34375",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-34375",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4464",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016138"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4464"
},
{
"db": "NVD",
"id": "CVE-2022-34375"
},
{
"db": "NVD",
"id": "CVE-2022-34375"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34375"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016138"
},
{
"db": "VULHUB",
"id": "VHN-426691"
},
{
"db": "VULMON",
"id": "CVE-2022-34375"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34375",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016138",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4464",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-426691",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34375",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426691"
},
{
"db": "VULMON",
"id": "CVE-2022-34375"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016138"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4464"
},
{
"db": "NVD",
"id": "CVE-2022-34375"
}
]
},
"id": "VAR-202208-2199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426691"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:49:39.172000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell Container Storage Modules Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206808"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4464"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426691"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016138"
},
{
"db": "NVD",
"id": "CVE-2022-34375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.dell.com/support/kbdoc/en-us/000201835/dsa-2022-202-dell-container-storage-modules-security-update-for-multiple-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34375"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34375/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426691"
},
{
"db": "VULMON",
"id": "CVE-2022-34375"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016138"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4464"
},
{
"db": "NVD",
"id": "CVE-2022-34375"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426691"
},
{
"db": "VULMON",
"id": "CVE-2022-34375"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016138"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4464"
},
{
"db": "NVD",
"id": "CVE-2022-34375"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-426691"
},
{
"date": "2022-08-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34375"
},
{
"date": "2023-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016138"
},
{
"date": "2022-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4464"
},
{
"date": "2022-08-30T21:15:08.940000",
"db": "NVD",
"id": "CVE-2022-34375"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-426691"
},
{
"date": "2022-08-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34375"
},
{
"date": "2023-10-02T08:10:00",
"db": "JVNDB",
"id": "JVNDB-2022-016138"
},
{
"date": "2022-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4464"
},
{
"date": "2022-09-07T01:17:48.880000",
"db": "NVD",
"id": "CVE-2022-34375"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4464"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0container\u00a0storage\u00a0modules\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016138"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4464"
}
],
"trust": 0.6
}
}
VAR-202210-0666
Vulnerability from variot - Updated: 2024-08-14 14:49Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory. Dell's container storage modules Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0666",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "container storage modules",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.0.0"
},
{
"model": "container storage modules",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "1.3.0"
},
{
"model": "container storage modules",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "container storage modules",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "1.3.0 that\u0027s all 2.0.0"
},
{
"model": "container storage modules",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018705"
},
{
"db": "NVD",
"id": "CVE-2022-34426"
}
]
},
"cve": "CVE-2022-34426",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-34426",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-34426",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34426",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34426",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-34426",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-536",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018705"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-536"
},
{
"db": "NVD",
"id": "CVE-2022-34426"
},
{
"db": "NVD",
"id": "CVE-2022-34426"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory. Dell\u0027s container storage modules Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34426"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018705"
},
{
"db": "VULHUB",
"id": "VHN-426742"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34426",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018705",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-536",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426742",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018705"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-536"
},
{
"db": "NVD",
"id": "CVE-2022-34426"
}
]
},
"id": "VAR-202210-0666",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426742"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:49:32.622000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell Container Storage Modules Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=210807"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-536"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018705"
},
{
"db": "NVD",
"id": "CVE-2022-34426"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.dell.com/support/kbdoc/en-vc/000203352/dsa-2022-259-dell-container-storage-modules-security-update-for-multiple-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34426"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34426/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018705"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-536"
},
{
"db": "NVD",
"id": "CVE-2022-34426"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018705"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-536"
},
{
"db": "NVD",
"id": "CVE-2022-34426"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-426742"
},
{
"date": "2023-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018705"
},
{
"date": "2022-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-536"
},
{
"date": "2022-10-11T17:15:10.977000",
"db": "NVD",
"id": "CVE-2022-34426"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-14T00:00:00",
"db": "VULHUB",
"id": "VHN-426742"
},
{
"date": "2023-10-23T02:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-018705"
},
{
"date": "2022-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-536"
},
{
"date": "2022-10-14T14:00:49.937000",
"db": "NVD",
"id": "CVE-2022-34426"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-536"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0container\u00a0storage\u00a0modules\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018705"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-536"
}
],
"trust": 0.6
}
}
VAR-202208-2167
Vulnerability from variot - Updated: 2024-08-14 14:02Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system. (DoS) It may be in a state. Designed to provide additional functionality beyond what is available with container storage. The vulnerability stems from the inclusion of operating system command injection in the goiscsi and gobrick libraries
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-2167",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "container storage modules",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.3.0"
},
{
"model": "container storage modules",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "container storage modules",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "1.3.0"
},
{
"model": "container storage modules",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015985"
},
{
"db": "NVD",
"id": "CVE-2022-34374"
}
]
},
"cve": "CVE-2022-34374",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-34374",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-34374",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34374",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34374",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-34374",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4463",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015985"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4463"
},
{
"db": "NVD",
"id": "CVE-2022-34374"
},
{
"db": "NVD",
"id": "CVE-2022-34374"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system. (DoS) It may be in a state. Designed to provide additional functionality beyond what is available with container storage. The vulnerability stems from the inclusion of operating system command injection in the goiscsi and gobrick libraries",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34374"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015985"
},
{
"db": "VULHUB",
"id": "VHN-426690"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34374",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015985",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4463",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-426690",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426690"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015985"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4463"
},
{
"db": "NVD",
"id": "CVE-2022-34374"
}
]
},
"id": "VAR-202208-2167",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426690"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:23.919000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell Container Storage Modules Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206520"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4463"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426690"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015985"
},
{
"db": "NVD",
"id": "CVE-2022-34374"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.dell.com/support/kbdoc/en-us/000201835/dsa-2022-202-dell-container-storage-modules-security-update-for-multiple-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34374"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34374/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426690"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015985"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4463"
},
{
"db": "NVD",
"id": "CVE-2022-34374"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426690"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015985"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4463"
},
{
"db": "NVD",
"id": "CVE-2022-34374"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-426690"
},
{
"date": "2023-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015985"
},
{
"date": "2022-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4463"
},
{
"date": "2022-08-30T21:15:08.867000",
"db": "NVD",
"id": "CVE-2022-34374"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-426690"
},
{
"date": "2023-09-29T08:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-015985"
},
{
"date": "2022-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4463"
},
{
"date": "2022-09-02T19:48:48.493000",
"db": "NVD",
"id": "CVE-2022-34374"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4463"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0container\u00a0storage\u00a0modules\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015985"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4463"
}
],
"trust": 0.6
}
}