DSA-2023-150: Dell CloudLink Security Update for multiple third-party component vulnerabilities
Samenvatting: Dell CloudLink remediation is available for multiple third-party component vulnerabilities that could be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
Critical
Gegevens
| Third-party Component | CVEs | More Information |
| Spring Security 4.2.3 | CVE-2021-22112, CVE-2020-5408 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/  |
| spring-security-oauth 2.0.3 | CVE-2018-1260, CVE-2016-4977, CVE-2018-15758, CVE-2019-3778 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.2.10.v20150310 | CVE-2017-7657, CVE-2017-9735, CVE-2017-7656, CVE-2019-10241, CVE-2020-27216 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Hibernate ORM 4.3.11 | CVE-2020-25638, CVE-2019-14900 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Apache MINA Core API 2.0.16 | CVE-2021-41973 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Apache HttpClient 4.4 | CVE-2020-13956 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Netty Project 4.1.65 | CVE-2021-43797 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| dom4j: flexible XML framework for Java 1.6.1 | CVE-2020-10683, CVE-2018-1000632 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| jackson-databind 2.6.7 | CVE-2017-17485 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Jackson dataformats 2.6.7 | CVE-2020-28491 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Bouncy Castle 1.58 | CVE-2018-1000613, CVE-2018-1000180, CVE-2017-13098 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Data Mapper for Jackson 1.9.9 | CVE-2019-10172 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| OWASP AntiSamy 1.6.3 | CVE-2021-35043 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
Getroffen producten en herstel
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell CloudLink | Versions prior to 8.0 | Version 8.0 | CloudLink Downloads |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell CloudLink | Versions prior to 8.0 | Version 8.0 | CloudLink Downloads |
Revisiegeschiedenis
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-26 | Initial Release |
| 2.0 | 2023-09-01 | Updated for enhanced presentation with no changes to content. |
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
CloudLink SecureVM, CloudLinkArtikeleigenschappen
Artikelnummer: 000212820
Artikeltype: Dell Security Advisory
Laatst aangepast: 01 sep. 2023
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.