Description
Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
Published: 2026-05-08
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerScale OneFS includes an insufficient logging flaw that allows a local attacker with low privileges to tamper with audit logs, leading to information tampering. This vulnerability is classified under CWE-778, which covers insufficient logging mechanisms.

Affected Systems

Affected systems are Dell PowerScale OneFS across versions 9.5.0.0–9.5.1.6, 9.6.0.0–9.7.1.13, 9.8.0.0–9.10.1.5, and 9.11.0.0–9.12.0.1. Users running any of these build ranges should verify their deployments.

Risk and Exploitability

The CVSS score of 3.3 indicates low severity, and the EPSS score is not available. The vulnerability is not listed in CISA's KEV catalog. Local access with low privileges is required, meaning that exploitation is limited to machines accessible by the attacker. Though the impact is confined to information tampering, an attacker could hide malicious activity or mislead forensic investigations by altering logs, so the risk is mainly to audit integrity rather than system compromise.

Generated by OpenCVE AI on May 8, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell DSA-2026-172 security update for PowerScale OneFS to remediate the insufficient logging flaw.
  • Restrict local user privileges and enforce least‑privilege policies to reduce the likelihood that a low‑privileged user can modify logs.
  • Implement or enable log integrity checks and periodically review audit logs for anomalies to detect any tampering attempts.

Generated by OpenCVE AI on May 8, 2026 at 18:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerscale Onefs
CPEs cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell powerscale Onefs

Fri, 08 May 2026 18:45:00 +0000

Type Values Removed Values Added
Title Insufficient Logging in Dell PowerScale OneFS Leading to Information Tampering

Fri, 08 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
Weaknesses CWE-778
References
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Dell Powerscale Onefs
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-08T14:45:06.182Z

Reserved: 2026-03-16T17:04:36.794Z

Link: CVE-2026-32803

cve-icon Vulnrichment

Updated: 2026-05-08T14:44:46.078Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T14:16:31.787

Modified: 2026-05-08T19:48:35.453

Link: CVE-2026-32803

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T21:15:05Z

Weaknesses