DSA-2024-419: Security Update for Dell Data Lakehouse System Software for Multiple Component Vulnerabilities
概要: Dell Data Lakehouse System Software remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
Critical
詳細
|
Third-party Component |
CVEs |
More Information |
|
Elasticsearch |
CVE-2024-23450 |
|
|
org.apache.hadoop_hadoop-hdfs |
CVE-2021-33036, CVE-2021-25642 |
See NVD link below for individual scores for each CVE. |
|
libyaml |
CVE-2024-35328, CVE-2024-35325, CVE-2024-35326 |
See NVD link below for individual scores for each CVE. |
|
com.amazon.redshift_redshift-jdbc42 |
CVE-2024-32888 |
|
|
curl |
CVE-2024-2004, CVE-2024-2398 |
See NVD link below for individual scores for each CVE. |
|
Ethernet Adapters in PowerEdge R660 BIOS versions prior to 2.2.7 |
CVE-2024-21769, CVE-2024-21807, CVE-2024-22374, CVE-2024-22376, CVE-2024-23497, CVE-2024-24986, CVE-2024-21801, CVE-2024-21806, CVE-2024-21810, CVE-2024-23499, CVE-2024-23981, CVE-2024-24983 |
See NVD link below for individual scores for each CVE. |
|
2024.2 IPU – Intel Processor Stream Cache Advisory in PowerEdge R660 BIOS versions prior to 2.2.7 |
CVE-2023-49141 |
|
|
OpenSSH in PowerEdge R660 iDRAC versions prior to 7.10.50.10 |
CVE-2024-6387 |
|
|
Intel Processor in PowerEdge R660 |
CVE-2024-21829, CVE-2024-21781, CVE-2024-23984, CVE-2024-24968, CVE-2024-21853 |
See NVD link below for individual scores for each CVE. |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2024-47483 |
Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. |
2.9 |
|
|
CVE-2024-47481 |
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service. |
6.5 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2024-47483 |
Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. |
2.9 |
|
|
CVE-2024-47481 |
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service. |
6.5 |
影響を受ける製品と修復
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
DELL Data Lakehouse System Software |
Versions 1.0.0.0 and 1.1.0.0 |
Version 1.2.0.0 or later |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
DELL Data Lakehouse System Software |
Versions 1.0.0.0 and 1.1.0.0 |
Version 1.2.0.0 or later |
変更履歴
|
Revision |
Date |
Description |
|
1.0 |
2024-10-25 |
Initial Release |
|
2.0 |
2024-12-12 |
Updated Advisory by adding CVE-2024-21769, CVE-2024-21807, CVE-2024-22374, CVE-2024-22376, CVE-2024-23497, CVE-2024-24986, CVE-2024-21801, CVE-2024-21806, CVE-2024-21810, CVE-2024-23499, CVE-2024-23981, CVE-2024-24983, CVE-2023-49141, CVE-2024-6387 under Third-Party Component Table |
|
3.0 |
2024-12-18 |
Updated Advisory by adding CVE-2024-21829, CVE-2024-21781, CVE-2024-23984, CVE-2024-24968, CVE-2024-21853 under Third-Party Component Table |
関連情報
法的免責事項
対象製品
Dell Data Lakehouse, Product Security Information文書のプロパティ
文書番号: 000240535
文書の種類: Dell Security Advisory
最終更新: 09 9月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。