Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000213152


DSA-2023-141: Dell Unity, Unity VSA and Unity XT Security Update for Multiple Vulnerability

Summary: Dell Unity, Unity VSA and Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Third-party Component CVEs More information
open-vm-tools CVE-2022-31676 https://www.suse.com/security/cve/CVE-2022-31676.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
postgresql-jdbc CVE-2022-41946 https://www.suse.com/security/cve/CVE-2022-41946.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
bind CVE-2021-25220 https://www.suse.com/security/cve/CVE-2021-25220.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libstdc CVE-2020-13844, CVE-2019-15847, CVE-2019-14250 https://www.suse.com/security/cve/CVE-2020-13844.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2019-15847.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2019-14250.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
ntp CVE-2020-15025, CVE-2020-13817, CVE-2018-8956, CVE-2020-11868 https://www.suse.com/security/cve/CVE-2020-15025.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-13817.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2018-8956.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-11868.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
runc CVE-2022-31030, CVE-2022-29162 https://www.suse.com/security/cve/CVE-2022-31030.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-29162.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
sysstat CVE-2019-16167, CVE-2018-19517, CVE-2018-19416 https://www.suse.com/security/cve/CVE-2019-16167.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2018-19517.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2018-19416.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
cpio CVE-2021-38185 https://www.suse.com/security/cve/CVE-2021-38185.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
dnsmasq CVE-2020-25687, CVE-2020-25686, CVE-2020-25682, CVE-2020-25681, CVE-2020-25685, CVE-2020-25684, CVE-2020-25683, CVE-2022-0934, CVE-2021-3448 https://www.suse.com/security/cve/CVE-2020-25687.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-25686.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-25682.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-25681.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-25685.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-25684.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-25683.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0934.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-3448.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2022-29187, CVE-2022-24765 https://www.suse.com/security/cve/CVE-2022-29187.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-24765.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
krb5 CVE-2021-3672 https://www.suse.com/security/cve/CVE-2021-3672.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Dbus CVE-2020-35512, CVE-2020-12049 https://www.suse.com/security/cve/CVE-2020-35512.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-12049.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
mozilla CVE-2022-31741, CVE-2015-20107, CVE-2021-3572, CVE-2020-26116, CVE-2019-11324, CVE-2019-11236, CVE-2019-9740, CVE-2018-20060, CVE-2018-18074 https://www.suse.com/security/cve/CVE-2022-31741.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2015-20107.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-3572.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-26116.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2019-11324.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2019-11236.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2019-9740.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2018-20060.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2018-18074.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
root user CVE-2019-5021 https://www.suse.com/security/cve/CVE-2019-5021.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
xstream CVE-2021-21342 https://www.suse.com/security/cve/CVE-2021-21342.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
dom4j CVE-2020-10683 https://www.suse.com/security/cve/CVE-2020-10683.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
vim CVE-2021-3973 https://www.suse.com/security/cve/CVE-2021-3973.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
tomcat CVE-2022-25762, CVE-2022-23181 https://www.suse.com/security/cve/CVE-2022-25762.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-23181.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-26373, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-31813, CVE-2022-30556 https://www.suse.com/security/cve/CVE-2022-26373.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-26377.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-28614.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-28615.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-29404.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-30522.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-31813.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-30556.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libopenssl-1_1 CVE-2022-1292 https://www.suse.com/security/cve/CVE-2022-1292.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
avahi CVE-2021-26720, CVE-2021-3468 https://www.suse.com/security/cve/CVE-2021-26720.html This hyperlink is taking you to a website outside of Dell Technologies.  , https://www.suse.com/security/cve/CVE-2021-3468.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Libgcrypt CVE-2021-33560 https://www.suse.com/security/cve/CVE-2021-33560.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Libnettle CVE-2021-3580 https://www.suse.com/security/cve/CVE-2021-3580.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
pcre2 CVE-2022-1587, CVE-2019-20454 https://www.suse.com/security/cve/CVE-2022-1587.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2019-20454.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Cyrus CVE-2022-24407 https://www.suse.com/security/cve/CVE-2022-24407.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libopenssl-1_1 CVE-2022-2097, CVE-2022-2068 https://www.suse.com/security/cve/CVE-2022-2097.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-2068.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
apache-commons-httpclient CVE-2020-13956 https://www.suse.com/security/cve/CVE-2020-13956.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
openssh CVE-2021-41617 https://www.suse.com/security/cve/CVE-2021-41617.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
e2fsprogs CVE-2022-1304 https://www.suse.com/security/cve/CVE-2022-1304.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
containerd, docker CVE-2021-43565, CVE-2022-27191, CVE-2022-24769, CVE-2022-23648 https://www.suse.com/security/cve/CVE-2021-43565.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-27191.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-24769.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-23648.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
ucode-intel CVE-2022-21151   https://www.suse.com/security/cve/CVE-2022-21151.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
openjdk CVE-2022-21476, CVE-2022-21426, CVE-2022-21496, CVE-2022-21496, CVE-2022-21434, CVE-2022-21443 https://www.suse.com/security/cve/CVE-2022-21476.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21426.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21496.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21496.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21434.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21443.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
tiff CVE-2022-0909, CVE-2022-0908, CVE-2022-0562, CVE-2022-0561, CVE-2022-0891, CVE-2022-0865, CVE-2022-1056, CVE-2022-0924 https://www.suse.com/security/cve/CVE-2022-0909.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0908.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0562.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0561.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0891.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0865.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-1056.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0924.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
gzip, xz CVE-2022-1271 https://www.suse.com/security/cve/CVE-2022-1271.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
mozilla-nss CVE-2022-1097 https://www.suse.com/security/cve/CVE-2022-1097.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
util-linux CVE-2021-37600 https://www.suse.com/security/cve/CVE-2021-37600.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2022-0778 https://www.suse.com/security/cve/CVE-2022-0778.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
fbindglibc CVE-2021-3999, CVE-2022-23218, CVE-2022-23219, CVE-2015-8985 https://www.suse.com/security/cve/CVE-2021-3999.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-23218.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-23219.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2015-8985.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2022-23308 https://www.suse.com/security/cve/CVE-2022-23308.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
binutils CVE-2020-16591, CVE-2020-16599, CVE-2020-16598, CVE-2020-16592, CVE-2020-16593, CVE-2020-16590, CVE-2020-35448, CVE-2020-35496, CVE-2020-35493, CVE-2020-35507, CVE-2021-20197, CVE-2021-20284, CVE-2021-3487, CVE-2021-20294 https://www.suse.com/security/cve/CVE-2020-16591.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-16599.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-16598.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-16592.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-16593.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-16590.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-35448.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-35496.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-35493.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2020-35507.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-20197.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-20284.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-3487.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-20294.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
pcre CVE-2020-14155, CVE-2019-20838 https://www.suse.com/security/cve/CVE-2020-14155.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2019-20838.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
kernel CVE-2021-4149, CVE-2021-4197, CVE-2021-4202, CVE-2022-0322, CVE-2022-0330, CVE-2022-0435, CVE-2021-44879, CVE-2022-0001, CVE-2022-0002, CVE-2022-0487, CVE-2022-0492, CVE-2022-0617, CVE-2022-0644, CVE-2022-24448, CVE-2022-24959 https://www.suse.com/security/cve/CVE-2021-4149.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-4197.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-4202.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0322.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0330.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0435.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-44879.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0001.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0002.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0487.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0492.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0617.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-0644.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-24448.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-24959.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libcroco CVE-2020-12825 https://www.suse.com/security/cve/CVE-2020-12825.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
postgresql12 CVE-2021-23222, CVE-2021-23214 https://www.suse.com/security/cve/CVE-2021-23222.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-23214.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2021-40330 https://www.suse.com/security/cve/CVE-2021-40330.htmlThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023-43074 Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-43065 Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-43066 Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-43067 Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system. 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-43082 Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate. 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-22229 Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities. 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023-43074 Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-43065 Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-43066 Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-43067 Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system. 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-43082 Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate. 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-22229 Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities. 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Versions Remediated Versions Link
Dell Unity Operating Environment (OE) Versions prior to 5.3.0.0.5.120 Version 5.3.0.0.5.120 https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers 
Dell UnityVSA Operating Environment (OE) Versions prior to 5.3.0.0.5.120 Version 5.3.0.0.5.120 https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers
Dell Unity XT Operating Environment (OE) Versions prior to 5.3.0.0.5.120 Version 5.3.0.0.5.120 https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers
Product Affected Versions Remediated Versions Link
Dell Unity Operating Environment (OE) Versions prior to 5.3.0.0.5.120 Version 5.3.0.0.5.120 https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers 
Dell UnityVSA Operating Environment (OE) Versions prior to 5.3.0.0.5.120 Version 5.3.0.0.5.120 https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers
Dell Unity XT Operating Environment (OE) Versions prior to 5.3.0.0.5.120 Version 5.3.0.0.5.120 https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers

Revision History

Revision

Date

Description

1.0

2023-05-08

Initial Release

2.02023-09-01Updated for enhanced presentation with no changes to content.
3.02023-10-23Added 4 new CVEs, CVE-2023-43074, CVE-2023-43065, CVE-2023-43066, CVE-2023-43067 under "PROPRIERTARY CODE" section 
4.02023-11-22Added 1 new CVE-2023-43082 under "PROPRIERTARY CODE" section 
5.02024-01-24Added 1 new CVE-2024-22229 under "PROPRIERTARY CODE" section 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

Dell EMC Unity, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell Unity Operating Environment (OE), Dell EMC UnityVSA Professional Edition/Unity Cloud Edition

Last Published Date

24 Jan 2024

Version

6

Article Type

Dell Security Advisory