CVE Vulnerabilities

CVE-2021-21594

Use of GET Request Method With Sensitive Query Strings

Published: Aug 16, 2021 | Modified: Aug 25, 2021
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity.

Weakness

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

Affected Software

Name Vendor Start Version End Version
Emc_powerscale_onefs Dell 8.2.2 8.2.2
Emc_powerscale_onefs Dell 9.0.0.0 9.1.0

Potential Mitigations

References