Article Number: 000212820


DSA-2023-150: Dell CloudLink Security Update for multiple third-party component vulnerabilities

Summary: Dell CloudLink remediation is available for multiple third-party component vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

| Third-party Component | CVEs | More Information |
|---|---|---|
| Spring Security 4.2.3 | CVE-2021-22112, CVE-2020-5408 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| spring-security-oauth 2.0.3 | CVE-2018-1260, CVE-2016-4977, CVE-2018-15758, CVE-2019-3778 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.2.10.v20150310 | CVE-2017-7657, CVE-2017-9735, CVE-2017-7656, CVE-2019-10241, CVE-2020-27216 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Hibernate ORM 4.3.11 | CVE-2020-25638, CVE-2019-14900 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Apache MINA Core API 2.0.16 | CVE-2021-41973 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Apache HttpClient 4.4 | CVE-2020-13956 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Netty Project 4.1.65 | CVE-2021-43797 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| dom4j: flexible XML framework for Java 1.6.1 | CVE-2020-10683, CVE-2018-1000632 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| jackson-databind 2.6.7 | CVE-2017-17485 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Jackson dataformats 2.6.7 | CVE-2020-28491 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Bouncy Castle 1.58 | CVE-2018-1000613, CVE-2018-1000180, CVE-2017-13098 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Data Mapper for Jackson 1.9.9 | CVE-2019-10172 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| OWASP AntiSamy 1.6.3 | CVE-2021-35043 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell CloudLink | Versions prior to 8.0 | Version 8.0 | CloudLink Downloads |

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-26 | Initial Release |
| 2.0 | 2023-09-01 | Updated for enhanced presentation with no changes to content. |


Article Properties


Affected Product

CloudLink SecureVM, CloudLink

Last Published Date

01 Sept 2023

Version

2

Article Type

Dell Security Advisory