Article Number: 000201907
DSA-2022-195: Dell AppSync Security Update for Multiple Vulnerabilities in Embedded Service Enabler Component of AppSync
Summary: Dell AppSync remediation is available for multiple security vulnerabilities in Embedded Service Enabler (ESE) that may be exploited by malicious users to compromise the affected system. ...
Article Content
Impact
High
Details
| Third-party Component |
CVEs | More information |
| curl-7.66.0-4.14 and libexpat1-2.2.5 | CVE-2021-22946 | See NVD (http://nvd.nist.gov/  ) for individual scores for each CVE. |
| CVE-2022-25315 | ||
| OpenSSL 1.0.2za | CVE-2022-0778 |
| Third-party Component |
CVEs | More information |
| curl-7.66.0-4.14 and libexpat1-2.2.5 | CVE-2021-22946 | See NVD (http://nvd.nist.gov/ ) for individual scores for each CVE. |
| CVE-2022-25315 | ||
| OpenSSL 1.0.2za | CVE-2022-0778 |
Affected Products and Remediation
| Product | Affected Versions | Updated Version | Link to Update | |
| Dell AppSync | Versions 4.4.0.0 and 4.4.1.0 | 4.4.1.0_3996_R1 | https://dl.dell.com/downloads/DLD2951_AppSync-patch-4.4.1.0_3996_R1-Software-(HotFix).zip | |
NOTE:
- For AppSync 4.4.0.0, users must upgrade to AppSync 4.4.1.0 and then install above hotfix.
- For AppSync 4.4.1.0, users can directly install this hotfix to fix ESE vulnerability.
| Product | Affected Versions | Updated Version | Link to Update | |
| Dell AppSync | Versions 4.4.0.0 and 4.4.1.0 | 4.4.1.0_3996_R1 | https://dl.dell.com/downloads/DLD2951_AppSync-patch-4.4.1.0_3996_R1-Software-(HotFix).zip | |
NOTE:
- For AppSync 4.4.0.0, users must upgrade to AppSync 4.4.1.0 and then install above hotfix.
- For AppSync 4.4.1.0, users can directly install this hotfix to fix ESE vulnerability.
Revision History
| Revision | Date | Description |
| 1.0 | 2022-07-27 | Initial Release |
Related Information
Legal Information
Article Properties
Affected Product
AppSync
Last Published Date
12 Jun 2023
Version
2
Article Type
Dell Security Advisory