DSA-2022-188: Dell BSAFE SSL-J Security Update for a Debug Messages Revealing Unnecessary Information Vulnerability
Summary: Dell BSAFE SSL-J remediation is available to address a vulnerability that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
Impact
Medium
Details
| Proprietary Code CVE | Product | CVSS Base Score | CVSS Vector String |
| CVE-2022-34364 | Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVE | Product | CVSS Base Score | CVSS Vector String |
| CVE-2022-34364 | Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Affected Products & Remediation
| CVEs addressed | Product | Affected Versions | Updated Versions |
| CVE-2022-34364 | Dell BSAFE SSL-J | All versions before 6.5 7.0 |
6.5 7.1 |
| CVEs addressed | Product | Affected Versions | Updated Versions |
| CVE-2022-34364 | Dell BSAFE SSL-J | All versions before 6.5 7.0 |
6.5 7.1 |
Workarounds & Mitigations
Workarounds or mitigations may exist based on individual use case and usage of the product. Customers with an active BSAFE SSL-J maintenance contract should contact Dell BSAFE Support at bsafe.support@dell.com, or bsafe.support.japan@dell.com for further details.
Revision History
| Revision | Date | Description |
| 1.0 | 2022-09-12 | Initial Release |
| 2.0 | 2023-02-17 | Major Update |
| 2.1 | 2023-02-23 | Minor Revision |
| 3.0 | 2024-01-15 | Added missing link to the CVSS calculator updated the CVE description |
| 4.0 | 2024-01-15 | Updated the formatting without any change to the contents. |