CVE-2022-22563
CVE-2022-22563 is a medium-severity vulnerability in Dell Emc Powerscale Onefs with a CVSS 3.x base score of 4.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-223.
Key facts
- Severity: Medium (CVSS 3.x base score 4.4)
- CVSS v2: 2.1
- EPSS exploit prediction: 0% (11th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-223
- Affected product: Dell Emc Powerscale Onefs
- Published:
- Last modified:
Description
Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.
Frequently asked questions
- What is CVE-2022-22563?
- Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.
- How severe is CVE-2022-22563?
- CVE-2022-22563 has a CVSS 3.x base score of 4.4, rated medium severity. It is exploitable over local access with low attack complexity, requires high privileges and no user interaction. Impact on confidentiality is none, integrity high, and availability none.
- Is CVE-2022-22563 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (11th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-22563?
- CVE-2022-22563 affects Dell Emc Powerscale Onefs. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2022-22563?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2022-22563 published?
- CVE-2022-22563 was published on 2022-04-08 and last updated on 2026-06-17.
References
- https://www.dell.com/support/kbdoc/000196657
- https://www.dell.com/support/kbdoc/en-an/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities
Affected products (1)
- cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*
More vulnerabilities in Dell Emc Powerscale Onefs
- CVE-2021-21502 — Critical (CVSS 9.8): Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user…
- CVE-2022-26851 — Critical (CVSS 9.1): Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An…
- CVE-2020-5353 — High (CVSS 8.8): The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for…
- CVE-2021-21506 — High (CVSS 8.8): PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An…
- CVE-2020-5369 — High (CVSS 8.8): Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege…
- CVE-2023-22575 — High (CVSS 8.7): Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in…
All CVEs affecting Dell Emc Powerscale Onefs →
Other CWE-223 vulnerabilities
- CVE-2023-31191 — Critical (CVSS 9.3): DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through…
- CVE-2026-31890 — Medium (CVSS 5.5): Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and…
- CVE-2023-29156 — Medium (CVSS 4.7): DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability…
- CVE-2024-52813 — Medium (CVSS 4.3): matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust…
- CVE-2023-28360 — Medium (CVSS 4.3): An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a…
- CVE-2025-52926 — Low (CVSS 2.7): In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user…