CVE-2020-26197
20.04.2021, 17:15
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dell | emc_powerscale_onefs | 8.1.0 |
| dell | emc_powerscale_onefs | 8.1.1 |
| dell | emc_powerscale_onefs | 8.1.2 |
| dell | emc_powerscale_onefs | 8.2.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-326 - Inadequate Encryption StrengthThe software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
- CWE-319 - Cleartext Transmission of Sensitive InformationThe software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.