Artikelnummer: 000212820

DSA-2023-150: Dell CloudLink Security Update for multiple third-party component vulnerabilities

Samenvatting: Dell CloudLink remediation is available for multiple third-party component vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article content

Impact

Critical

Gegevens

Third-party Component	CVEs	More Information
Spring Security 4.2.3	CVE-2021-22112, CVE-2020-5408	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
spring-security-oauth 2.0.3	CVE-2018-1260, CVE-2016-4977, CVE-2018-15758, CVE-2019-3778	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.2.10.v20150310	CVE-2017-7657, CVE-2017-9735, CVE-2017-7656, CVE-2019-10241, CVE-2020-27216	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Hibernate ORM 4.3.11	CVE-2020-25638, CVE-2019-14900	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Apache MINA Core API 2.0.16	CVE-2021-41973	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Apache HttpClient 4.4	CVE-2020-13956	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Netty Project 4.1.65	CVE-2021-43797	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
dom4j: flexible XML framework for Java 1.6.1	CVE-2020-10683, CVE-2018-1000632	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
jackson-databind 2.6.7	CVE-2017-17485	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Jackson dataformats 2.6.7	CVE-2020-28491	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Bouncy Castle 1.58	CVE-2018-1000613, CVE-2018-1000180, CVE-2017-13098	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Data Mapper for Jackson 1.9.9	CVE-2019-10172	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
OWASP AntiSamy 1.6.3	CVE-2021-35043	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/

Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

Product	Affected Versions	Remediated Versions	Link
Dell CloudLink	Versions prior to 8.0	Version 8.0	CloudLink Downloads

Product	Affected Versions	Remediated Versions	Link
Dell CloudLink	Versions prior to 8.0	Version 8.0	CloudLink Downloads

Revisiegeschiedenis

Revision	Date	Description
1.0	2023-04-26	Initial Release
2.0	2023-09-01	Updated for enhanced presentation with no changes to content.

DSA-2023-150: Dell CloudLink Security Update for multiple third-party component vulnerabilities

Samenvatting: Dell CloudLink remediation is available for multiple third-party component vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article content

Impact

Gegevens

Getroffen producten en herstel

Revisiegeschiedenis

Verwante informatie

Juridische informatie

Artikeleigenschappen

Getroffen product

Datum laatst gepubliceerd

Versie

Artikeltype

Welkom

Welkom bij Dell

DSA-2023-150: Dell CloudLink Security Update for multiple third-party component vulnerabilities

Samenvatting: Dell CloudLink remediation is available for multiple third-party component vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article content

Impact

Gegevens

Getroffen producten en herstel

Revisiegeschiedenis

Verwante informatie

Juridische informatie

Artikeleigenschappen

Getroffen product

Datum laatst gepubliceerd

Versie

Artikeltype