DSA-2023-415: Security Update for Dell Repository Manager vulnerability
Summary: Dell Repository Manager remediation is available for Multiple Improper Access Controls Vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-44292 | Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H  |
| CVE-2023-44282 | Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-44292 | Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2023-44282 | Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-44292, CVE-2023-44282 | Dell Repository Manager | Versions prior to 3.4.4 | 3.4.4 | Apply the latest Security Remediation |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-44292, CVE-2023-44282 | Dell Repository Manager | Versions prior to 3.4.4 | 3.4.4 | Apply the latest Security Remediation |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-11-07 | Initial Release |
| 2.0 | 2023-11-08 | Minor formatting editing with no changes to the information. |
| 3.0 | 2023-11-13 | Minor formatting editing with no changes to the information. |
| 4.0 | 2023-11-14 | Minor formatting editing with no changes to the information. |
| 5.0 | 2013-11-15 | Minor formatting editing with no changes to the information. |
Related Information
Legal Disclaimer
Affected Products
Dell Repository Manager Version 2.1, Dell Repository Manager Version 2.2, Dell Repository Manager Version 1.0, Dell Repository Manager Version 1.1, Dell Repository Manager Version 1.2, Dell Repository Manager Version 1.3
, Dell Repository Manager Version 1.4, Dell Repository Manager Version 1.5, Dell Repository Manager Version 1.6, Dell Repository Manager Version 1.7, Dell Repository Manager Version 1.8, Dell Repository Manager Version 1.9, Dell Repository Manager Version 2.0
...
Article Properties
Article Number: 000219303
Article Type: Dell Security Advisory
Last Modified: 15 Nov 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.