DSA-2023-381: Security Update for Dell ObjectScale 1.3 Vulnerabilities
Résumé: Dell ObjectScale 1.3 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected systems
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
Critical
Détails
| Third-Party Component Name | CVEs | More Information |
|---|---|---|
| Apache Commons Net | CVE-2021-37533 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/  |
| cryptography | CVE-2020-36242 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| curl | CVE-2023-27538, CVE-2022-32221, CVE-2023-28319 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Git | CVE-2023-23946, CVE-2023-22490, CVE-2022-23521, CVE-2022-41903, CVE-2022-39260, CVE-2022-39253, CVE-2022-29187, CVE-2022-24765, CVE-2022-24975, CVE-2021-21300 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/containerd/containerd |
CVE-2023-25173, CVE-2023-25153 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/docker/docker |
CVE-2023-28840, CVE-2023-28841, CVE-2023-28842 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/prometheus/exporter-toolkit |
CVE-2022-46146 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/snowflakedb/gosnowflake |
CVE-2023-34231 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| glibc | CVE-2023-0687 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| go | CVE-2020-24553, CVE-2021-3114, CVE-2021-41772, CVE-2021-29923, CVE-2021-38297, CVE-2021-36221, CVE-2020-14039, CVE-2021-41771, CVE-2020-16845, CVE-2020-28362, CVE-2021-33198, CVE-2021-33196, CVE-2021-39293, CVE-2021-34558, CVE-2021-27918, CVE-2020-29510, CVE-2021-33195, CVE-2020-28367, CVE-2020-15586, CVE-2021-33197, CVE-2020-28366, CVE-2020-7919 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/crypto |
CVE-2020-29652 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/net |
CVE-2021-31525, CVE-2021-33194, CVE-2022-41721 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/text |
CVE-2022-32149, CVE-2021-38561 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Grafana | CVE-2022-21713, CVE-2022-21703, CVE-2021-43815, CVE-2022-29170 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| helm/helm | CVE-2022-23526, CVE-2022-23525, CVE-2022-23524 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| jackson-databind | CVE-2021-46877 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Jettison - Json Stax implementation | CVE-2022-45685, CVE-2022-45693, CVE-2023-1436 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| less | CVE-2022-46663 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| protobuf-java | CVE-2022-3509, CVE-2022-3510, CVE-2022-3171, CVE-2021-22570 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Python programming language | CVE-2022-37454 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| python-wheel | CVE-2022-40898 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| SnakeYAML | CVE-2022-1471 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Spring Framework | CVE-2023-20860, CVE-2023-20861, CVE-2023-20863 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| sudo | CVE-2023-28487, CVE-2023-28486, CVE-2023-27320 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Vim | CVE-2023-1175, CVE-2023-1170, CVE-2023-1127, CVE-2023-0512, CVE-2023-0433, CVE-2023-1355, CVE-2023-1264 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
Produits concernés et mesure corrective
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell ObjectScale | Versions 1.0.0, 1.0.1, 1.0.2, and 1.2.0 | Version 1.3.0 | To upgrade to ObjectScale 1.3.0 from older versions, please open a Technical Support case to assist with the ObjectScale upgrade to 1.3.0. https://www.dell.com/support/incidents-online/ |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell ObjectScale | Versions 1.0.0, 1.0.1, 1.0.2, and 1.2.0 | Version 1.3.0 | To upgrade to ObjectScale 1.3.0 from older versions, please open a Technical Support case to assist with the ObjectScale upgrade to 1.3.0. https://www.dell.com/support/incidents-online/ |
Solutions de contournement et mesures d’atténuation
None
Historique des révisions
| Revision | Date | Description |
| 1.0 | 2023-10-17 | Initial Release |
| 2.0 | 2023-11-27 | Updated language in the Affected Products and Remediation Table. Separated instructions for fresh installations and upgrading to 1.3.0 into two distinct line items. Updates are for enhanced presentation only, does not change the content. |
Informations connexes
Mention légale
Produits concernés
ObjectScalePropriétés de l’article
Numéro d’article: 000218660
Type d’article: Dell Security Advisory
Dernière modification: 08 Nov 2025
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.