Número de artículo: 000212820

DSA-2023-150: Dell CloudLink Security Update for multiple third-party component vulnerabilities

Resumen: Dell CloudLink remediation is available for multiple third-party component vulnerabilities that could be exploited by malicious users to compromise the affected system.

Contenido del artículo

Impacto

Critical

Detalles

Third-party Component	CVEs	More Information
Spring Security 4.2.3	CVE-2021-22112, CVE-2020-5408	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
spring-security-oauth 2.0.3	CVE-2018-1260, CVE-2016-4977, CVE-2018-15758, CVE-2019-3778	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.2.10.v20150310	CVE-2017-7657, CVE-2017-9735, CVE-2017-7656, CVE-2019-10241, CVE-2020-27216	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Hibernate ORM 4.3.11	CVE-2020-25638, CVE-2019-14900	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Apache MINA Core API 2.0.16	CVE-2021-41973	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Apache HttpClient 4.4	CVE-2020-13956	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Netty Project 4.1.65	CVE-2021-43797	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
dom4j: flexible XML framework for Java 1.6.1	CVE-2020-10683, CVE-2018-1000632	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
jackson-databind 2.6.7	CVE-2017-17485	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Jackson dataformats 2.6.7	CVE-2020-28491	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Bouncy Castle 1.58	CVE-2018-1000613, CVE-2018-1000180, CVE-2017-13098	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Data Mapper for Jackson 1.9.9	CVE-2019-10172	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
OWASP AntiSamy 1.6.3	CVE-2021-35043	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/

Dell Technologies recomienda que todos los clientes tengan en cuenta la puntuación base CVSS y las puntuaciones temporales o de entorno relevantes que puedan afectar a la posible gravedad asociada a una determinada vulnerabilidad de seguridad.

Productos afectados y corrección

Product	Affected Versions	Remediated Versions	Link
Dell CloudLink	Versions prior to 8.0	Version 8.0	CloudLink Downloads

Product	Affected Versions	Remediated Versions	Link
Dell CloudLink	Versions prior to 8.0	Version 8.0	CloudLink Downloads

Historial de revisiones

Revision	Date	Description
1.0	2023-04-26	Initial Release
2.0	2023-09-01	Updated for enhanced presentation with no changes to content.

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

DSA-2023-150: Dell CloudLink Security Update for multiple third-party component vulnerabilities

Resumen: Dell CloudLink remediation is available for multiple third-party component vulnerabilities that could be exploited by malicious users to compromise the affected system.

Contenido del artículo

Impacto

Detalles

Productos afectados y corrección

Historial de revisiones

Información relacionada

Información legal

Propiedades del artículo

Producto afectado

Fecha de la última publicación

Versión

Tipo de artículo

Le damos la bienvenida

Le damos la bienvenida a Dell

DSA-2023-150: Dell CloudLink Security Update for multiple third-party component vulnerabilities

Resumen: Dell CloudLink remediation is available for multiple third-party component vulnerabilities that could be exploited by malicious users to compromise the affected system.

Contenido del artículo

Impacto

Detalles

Productos afectados y corrección

Historial de revisiones

Información relacionada

Información legal

Propiedades del artículo

Producto afectado

Fecha de la última publicación

Versión

Tipo de artículo