DSA-2024-419: Security Update for Dell Data Lakehouse System Software for Multiple Component Vulnerabilities
Resumen: Dell Data Lakehouse System Software remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impacto
Critical
Detalles
|
Third-party Component |
CVEs |
More Information |
|
Elasticsearch |
CVE-2024-23450 |
|
|
org.apache.hadoop_hadoop-hdfs |
CVE-2021-33036, CVE-2021-25642 |
See NVD link below for individual scores for each CVE. |
|
libyaml |
CVE-2024-35328, CVE-2024-35325, CVE-2024-35326 |
See NVD link below for individual scores for each CVE. |
|
com.amazon.redshift_redshift-jdbc42 |
CVE-2024-32888 |
|
|
curl |
CVE-2024-2004, CVE-2024-2398 |
See NVD link below for individual scores for each CVE. |
|
Ethernet Adapters in PowerEdge R660 BIOS versions prior to 2.2.7 |
CVE-2024-21769, CVE-2024-21807, CVE-2024-22374, CVE-2024-22376, CVE-2024-23497, CVE-2024-24986, CVE-2024-21801, CVE-2024-21806, CVE-2024-21810, CVE-2024-23499, CVE-2024-23981, CVE-2024-24983 |
See NVD link below for individual scores for each CVE. |
|
2024.2 IPU – Intel Processor Stream Cache Advisory in PowerEdge R660 BIOS versions prior to 2.2.7 |
CVE-2023-49141 |
|
|
OpenSSH in PowerEdge R660 iDRAC versions prior to 7.10.50.10 |
CVE-2024-6387 |
|
|
Intel Processor in PowerEdge R660 |
CVE-2024-21829, CVE-2024-21781, CVE-2024-23984, CVE-2024-24968, CVE-2024-21853 |
See NVD link below for individual scores for each CVE. |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2024-47483 |
Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. |
2.9 |
|
|
CVE-2024-47481 |
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service. |
6.5 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2024-47483 |
Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. |
2.9 |
|
|
CVE-2024-47481 |
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service. |
6.5 |
Corrección y productos afectados
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
DELL Data Lakehouse System Software |
Versions 1.0.0.0 and 1.1.0.0 |
Version 1.2.0.0 or later |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
DELL Data Lakehouse System Software |
Versions 1.0.0.0 and 1.1.0.0 |
Version 1.2.0.0 or later |
Historial de revisiones
|
Revision |
Date |
Description |
|
1.0 |
2024-10-25 |
Initial Release |
|
2.0 |
2024-12-12 |
Updated Advisory by adding CVE-2024-21769, CVE-2024-21807, CVE-2024-22374, CVE-2024-22376, CVE-2024-23497, CVE-2024-24986, CVE-2024-21801, CVE-2024-21806, CVE-2024-21810, CVE-2024-23499, CVE-2024-23981, CVE-2024-24983, CVE-2023-49141, CVE-2024-6387 under Third-Party Component Table |
|
3.0 |
2024-12-18 |
Updated Advisory by adding CVE-2024-21829, CVE-2024-21781, CVE-2024-23984, CVE-2024-24968, CVE-2024-21853 under Third-Party Component Table |