Article Number: 000204995
Critical
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2022-34440 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-34441 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain admin privileges. | 8.0 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
CVE-2022-34442 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain LDAP user privileges. | 8.0 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
CVE-2022-34462 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Password vulnerability. An attacker with knowledge of the hard-coded credentials could potentially exploit this vulnerability to log in to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Third-Party Component | CVEs | More information |
SUSE Enterprise 12 SP5 | CVE-2022-1292 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
SUSE Enterprise 12 SP5 | CVE-2022-2068 | |
org.yaml.snakeyaml | CVE-2022-38752 | |
com.fasterxml.jackson | CVE-2022-42003 | |
com.fasterxml.jackson | CVE-2022-42004 | |
CVEs Addressed | Product | Affected Version | Updated Version | Link to Update |
CVE-2022-1292, CVE-2022-2068, CVE-2022-34440, CVE-2022-34441, CVE-2022-34442, CVE-2022-34462, CVE-2022-42003, CVE-2022-42004 | Dell SCG Policy Manager | 5.12.00.00 | 5.14.00.00 | SCG PM Download Page |
Dell would like to thank Matei "Mal" Badanoiu and sradulea for reporting CVE-2022-34440, CVE-2022-34441, CVE-2022-34442 and CVE-2022-34462.
Revision | Date | Description |
1.0 | 2022-11-10 | Initial Release |
Secure Connect Gateway
10 Nov 2022
Dell Security Advisory