DSA-2022-264: Cloud Mobility for Dell Storage Security Update for an Insecure Database Vulnerability
Samenvatting: Cloud Mobility for Dell Storage, versions before and including 1.3.0, contain an authorization bypass vulnerability. A nonauthorized user may potentially exploit this vulnerability, leading to complete data exposure of information stored within the products database. ...
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
Medium
Gegevens
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34434 | Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34434 | Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Getroffen producten en herstel
| CVEs Addressed | Product | Affected Versions | Updated Version | Link to Update |
| CVE-2022-34434 | Cloud Mobility for Dell Storage | Versions before and including 1.3.0 | 1.3.1 | AWS: https://aws.amazon.com/marketplace/pp/prodview-puxtams7ngwwk#pdp-usage VMware: https://marketplace.cloud.vmware.com/services/details/cloud-mobility-for-dell-emc-storage-1-1-1-1-1?slug=true |
| CVEs Addressed | Product | Affected Versions | Updated Version | Link to Update |
| CVE-2022-34434 | Cloud Mobility for Dell Storage | Versions before and including 1.3.0 | 1.3.1 | AWS: https://aws.amazon.com/marketplace/pp/prodview-puxtams7ngwwk#pdp-usage VMware: https://marketplace.cloud.vmware.com/services/details/cloud-mobility-for-dell-emc-storage-1-1-1-1-1?slug=true |
Tijdelijke oplossingen en risicobeperking
The vulnerability may be avoided by creating a dynamic password that is generated upon database startup and stored securely. Next the trust of all internal connections is removed, requiring connections to use the newly created password to access the database.
Revisiegeschiedenis
| Revision | Date | Description |
| 1.0 | 09-15-2022 | Initial release |
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
Product Security InformationArtikeleigenschappen
Artikelnummer: 000203434
Artikeltype: Dell Security Advisory
Laatst aangepast: 21 nov. 2025
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.