DSA-2022-264: Cloud Mobility for Dell Storage Security Update for an Insecure Database Vulnerability
Summary: Cloud Mobility for Dell Storage, versions before and including 1.3.0, contain an authorization bypass vulnerability. A nonauthorized user may potentially exploit this vulnerability, leading to complete data exposure of information stored within the products database. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34434 | Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34434 | Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Version | Link to Update |
| CVE-2022-34434 | Cloud Mobility for Dell Storage | Versions before and including 1.3.0 | 1.3.1 | AWS: https://aws.amazon.com/marketplace/pp/prodview-puxtams7ngwwk#pdp-usage VMware: https://marketplace.cloud.vmware.com/services/details/cloud-mobility-for-dell-emc-storage-1-1-1-1-1?slug=true |
| CVEs Addressed | Product | Affected Versions | Updated Version | Link to Update |
| CVE-2022-34434 | Cloud Mobility for Dell Storage | Versions before and including 1.3.0 | 1.3.1 | AWS: https://aws.amazon.com/marketplace/pp/prodview-puxtams7ngwwk#pdp-usage VMware: https://marketplace.cloud.vmware.com/services/details/cloud-mobility-for-dell-emc-storage-1-1-1-1-1?slug=true |
Workarounds & Mitigations
The vulnerability may be avoided by creating a dynamic password that is generated upon database startup and stored securely. Next the trust of all internal connections is removed, requiring connections to use the newly created password to access the database.
Revision History
| Revision | Date | Description |
| 1.0 | 09-15-2022 | Initial release |
Related Information
Legal Disclaimer
Affected Products
Product Security InformationArticle Properties
Article Number: 000203434
Article Type: Dell Security Advisory
Last Modified: 21 Nov 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.