Dell EMC OpenManage Enterprise False Positive Security Vulnerabilities
Oversigt: This article provides a list of security vulnerabilities that cannot be exploited on all versions of Dell EMC OpenManage Enterprise, but which may be identified by security scanners.
Denne artikel gælder for
Denne artikel gælder ikke for
Denne artikel er ikke knyttet til et bestemt produkt.
Det er ikke alle produktversioner, der er identificeret i denne artikel.
Sikkerhedsartikeltype
Security KB
CVE-id
The CVE IDs are listed in the table below.
Oversigt over problemet
This article provides a list of security vulnerabilities that cannot be exploited on all versions of Dell EMC OpenManage Enterprise, but which may be identified by security scanners.
Anbefalinger
The vulnerabilities that are listed in the table below are in order by the date on which Dell EMC OpenManage Enterprise Engineering determined that all versions of Dell EMC OpenManage Enterprise were not vulnerable.
| Third-party Component | CVE IDs | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| Log4j-2.16 | CVE-2021-45105 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to potentially cause a denial of service when a crafted string is interpreted. | Dell EMC Open Manage Enterprise log configuration is not using the context lookups (for example, ${ctx:loginId}) in the Log4j pattern layout. | December 17, 2021 |
| Log4j-2.16 | CVE-2021-44832 | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file may potentially construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can run remote code. | Dell EMC Open Manage Enterprise team confirmed that JDBC Appender is being used, and it is not configured to use any protocol other than Java.
|
December 29, 2021 |
| Spring-mvc | CVE-2022-22965 | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) using data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. | This vulnerability is not applicable to the Dell EMC Open Manage Enterprise due to the JDK usage, and deployment of the application are different from the prerequisites of the vulnerability. | April 8, 2022 |
| Spring-Cloud | CVE-2022-22963 | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | Open Manage Enterprise is not using the Spring Cloud libraries. | April 8, 2022 |
| Spring Framework | CVE-2022-22950 | In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0 - 5.2.19, and earlier unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. | Open Manage Enterprise is not using SpEL and not aware of any other practical way to exploit this vulnerability. | April 8, 2022 |
Ansvarsfraskrivelse
Berørte produkter
Dell OpenManage Enterprise, Dell EMC OpenManage Enterprise, Product Security InformationArtikelegenskaber
Artikelnummer: 000194933
Artikeltype: Security KB
Senest ændret: 12 maj 2026
Version: 4
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.