DSA-2023-150: Dell CloudLink Security Update for multiple third-party component vulnerabilities
Summary: Dell CloudLink remediation is available for multiple third-party component vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Third-party Component | CVEs | More Information |
| Spring Security 4.2.3 | CVE-2021-22112, CVE-2020-5408 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/  |
| spring-security-oauth 2.0.3 | CVE-2018-1260, CVE-2016-4977, CVE-2018-15758, CVE-2019-3778 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.2.10.v20150310 | CVE-2017-7657, CVE-2017-9735, CVE-2017-7656, CVE-2019-10241, CVE-2020-27216 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Hibernate ORM 4.3.11 | CVE-2020-25638, CVE-2019-14900 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Apache MINA Core API 2.0.16 | CVE-2021-41973 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Apache HttpClient 4.4 | CVE-2020-13956 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Netty Project 4.1.65 | CVE-2021-43797 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| dom4j: flexible XML framework for Java 1.6.1 | CVE-2020-10683, CVE-2018-1000632 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| jackson-databind 2.6.7 | CVE-2017-17485 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Jackson dataformats 2.6.7 | CVE-2020-28491 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Bouncy Castle 1.58 | CVE-2018-1000613, CVE-2018-1000180, CVE-2017-13098 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Data Mapper for Jackson 1.9.9 | CVE-2019-10172 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| OWASP AntiSamy 1.6.3 | CVE-2021-35043 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
Affected Products & Remediation
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell CloudLink | Versions prior to 8.0 | Version 8.0 | CloudLink Downloads |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell CloudLink | Versions prior to 8.0 | Version 8.0 | CloudLink Downloads |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-26 | Initial Release |
| 2.0 | 2023-09-01 | Updated for enhanced presentation with no changes to content. |
Related Information
Legal Disclaimer
Affected Products
CloudLink SecureVM, CloudLinkArticle Properties
Article Number: 000212820
Article Type: Dell Security Advisory
Last Modified: 01 Sept 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.