DSA-2023-150: Dell CloudLink Security Update for multiple third-party component vulnerabilities
Summary: Dell CloudLink remediation is available for multiple third-party component vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| Spring Security 4.2.3 | CVE-2021-22112, CVE-2020-5408 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| spring-security-oauth 2.0.3 | CVE-2018-1260, CVE-2016-4977, CVE-2018-15758, CVE-2019-3778 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.2.10.v20150310 | CVE-2017-7657, CVE-2017-9735, CVE-2017-7656, CVE-2019-10241, CVE-2020-27216 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Hibernate ORM 4.3.11 | CVE-2020-25638, CVE-2019-14900 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Apache MINA Core API 2.0.16 | CVE-2021-41973 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Apache HttpClient 4.4 | CVE-2020-13956 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Netty Project 4.1.65 | CVE-2021-43797 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| dom4j: flexible XML framework for Java 1.6.1 | CVE-2020-10683, CVE-2018-1000632 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| jackson-databind 2.6.7 | CVE-2017-17485 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Jackson dataformats 2.6.7 | CVE-2020-28491 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Bouncy Castle 1.58 | CVE-2018-1000613, CVE-2018-1000180, CVE-2017-13098 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Data Mapper for Jackson 1.9.9 | CVE-2019-10172 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| OWASP AntiSamy 1.6.3 | CVE-2021-35043 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
Affected Products and Remediation
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell CloudLink | Versions prior to 8.0 | Version 8.0 | CloudLink Downloads |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-26 | Initial Release |
| 2.0 | 2023-09-01 | Updated for enhanced presentation with no changes to content. |
Affected Products
CloudLink SecureVM, CloudLink
Article Properties
Article Number: 000212820
Article Type: Dell Security Advisory
Last Modified: 01 Sep 2023