Dell NetWorker False Positive Security Vulnerability (CVE-2022-29885)
Summary: This article provides details on security vulnerability CVE-2022-29885 that cannot be exploited on Dell NetWorker, but which may be flagged by security scanners.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Security Article Type
Security KB
CVE Identifier
CVE-2022-29885
Issue Summary
See the 'Recommendation' section below for details on each CVE.
Recommendations
The vulnerabilities listed in the table below are in order by the date on which Dell NetWorker Engineering determined that the Dell NetWorker was not vulnerable.
| Third Party Component |
CVE ID |
Summary of Vulnerability |
Reason why Product is not Vulnerable |
Date Determined False Positive |
| Apache Tomcat versions 9.0.13 < 9.0.63 | CVE-2022-29885 | The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. | CVE-2022-29885 does not affect Dell NetWorker because it does not use Tomcat clusters. | September 15, 2023 |
Legal Disclaimer
Affected Products
NetWorkerArticle Properties
Article Number: 000215649
Article Type: Security KB
Last Modified: 13 Nov 2023
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.