Ir al contenido principal
Cerrar sesión

Le damos la bienvenida a Dell

Mi cuenta
  • Realice pedidos rápida y fácilmente.
  • Vea los pedidos y haga el seguimiento del estado del envío.
  • Cree una lista de sus productos y acceda a ella
Iniciar sesión Crear una cuenta Inicio de sesión en Premier Iniciar sesión en el programa para socios
Contáctenos

Sus carritos de Dell.com

DSA-2023-150: Dell CloudLink Security Update for multiple third-party component vulnerabilities

Resumen: Dell CloudLink remediation is available for multiple third-party component vulnerabilities that could be exploited by malicious users to compromise the affected system.

Este artículo se aplica a:   Este artículo no se aplica a: 
Consulta los recursos para:

Impacto

Critical

Detalles

Third-party Component CVEs More Information
Spring Security 4.2.3 CVE-2021-22112, CVE-2020-5408 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
spring-security-oauth 2.0.3 CVE-2018-1260, CVE-2016-4977, CVE-2018-15758, CVE-2019-3778 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.2.10.v20150310 CVE-2017-7657, CVE-2017-9735, CVE-2017-7656, CVE-2019-10241, CVE-2020-27216  See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Hibernate ORM 4.3.11 CVE-2020-25638, CVE-2019-14900 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Apache MINA Core API 2.0.16 CVE-2021-41973 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Apache HttpClient 4.4 CVE-2020-13956 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Netty Project 4.1.65 CVE-2021-43797 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
dom4j: flexible XML framework for Java 1.6.1 CVE-2020-10683, CVE-2018-1000632 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
jackson-databind 2.6.7 CVE-2017-17485 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Jackson dataformats 2.6.7 CVE-2020-28491 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Bouncy Castle 1.58 CVE-2018-1000613, CVE-2018-1000180, CVE-2017-13098 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Data Mapper for Jackson 1.9.9 CVE-2019-10172 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OWASP AntiSamy 1.6.3 CVE-2021-35043 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recomienda que todos los clientes tengan en cuenta la puntuación base CVSS y las puntuaciones temporales o de entorno relevantes que puedan afectar a la posible gravedad asociada a una determinada vulnerabilidad de seguridad.

Productos afectados y corrección

Product Affected Versions Remediated Versions Link
Dell CloudLink Versions prior to 8.0 Version 8.0 CloudLink Downloads
Product Affected Versions Remediated Versions Link
Dell CloudLink Versions prior to 8.0 Version 8.0 CloudLink Downloads

Historial de revisiones

RevisionDateDescription
1.02023-04-26 Initial Release
2.02023-09-01Updated for enhanced presentation with no changes to content.

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Aviso legal

Productos afectados

CloudLink SecureVM, CloudLink