VAR-202206-0171
Vulnerability from variot - Updated: 2023-12-18 13:32PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. Dell's powerstoreos for, CSV A vulnerability exists regarding the neutralization of formula elements in files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads.
A formula injection vulnerability exists in Dell PowerStore that could be exploited by attackers to inject payloads
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powerstoreos",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.1.0"
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstoreos",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.1.1.0"
},
{
"model": "powerstore",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.1.1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26867"
}
]
},
"cve": "CVE-2022-26867",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-26867",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2022-83206",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-26867",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-26867",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-26867",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-83206",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-414",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-26867",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "VULMON",
"id": "CVE-2022-26867"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. Dell\u0027s powerstoreos for, CSV A vulnerability exists regarding the neutralization of formula elements in files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads. \n\r\n\r\nA formula injection vulnerability exists in Dell PowerStore that could be exploited by attackers to inject payloads",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "VULMON",
"id": "CVE-2022-26867"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26867",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-83206",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-414",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-26867",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "VULMON",
"id": "CVE-2022-26867"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"id": "VAR-202206-0171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
}
],
"trust": 1.37272725
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
}
]
},
"last_update_date": "2023-12-18T13:32:08.060000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell PowerStore Formula Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/362281"
},
{
"title": "Dell EMC PowerStore Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195968"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1236",
"trust": 1.0
},
{
"problemtype": "CSV Improper neutralization of math elements in the file (CWE-1236) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26867"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26867/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/1236.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "VULMON",
"id": "CVE-2022-26867"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "VULMON",
"id": "CVE-2022-26867"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26867"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"date": "2022-06-02T21:15:07.667000",
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26867"
},
{
"date": "2023-08-17T08:35:00",
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"date": "2022-06-13T16:41:58.033000",
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0powerstoreos\u00a0 In \u00a0CSV\u00a0 Vulnerability in neutralizing math elements in files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…