DSA-2023-413: Dell Secure Connect Gateway Security Update for Multiple Third-Party Component Vulnerabilities
Samenvatting: Dell Secure Connect Gateway remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
Critical
Gegevens
| Third-Party Component |
CVEs | More information |
|---|---|---|
| Apache Tomcat | CVE-2021-42340, CVE-2022-29885, CVE-2023-41080, CVE-2023-31122 | See SUSE link below for each CVE https://www.suse.com  |
| Batik-xml | CVE-2022-44729 | See NVD link below for individual scores for each CVE https://nvd.nist.gov |
| Bind | CVE-2023-3341 | See SUSE link below for each CVE https://www.suse.com |
| Curl | CVE-2023-38545, CVE-2023-38546, CVE-2023-38039 | See SUSE link below for each CVE https://www.suse.com |
| Gpg2 | CVE-2018-9234 | See SUSE link below for each CVE https://www.suse.com |
| Kernel | CVE-2022-36402 | See SUSE link below for each CVE https://www.suse.com |
| Libnghttp2 | CVE-2023-35945 | See SUSE link below for each CVE https://www.suse.com |
| Mdadm | CVE-2023-28736 | See SUSE link below for each CVE https://www.suse.com |
| PostgreSQL JDBC driver | CVE-2022-41946 | See NVD link below for individual scores for each CVE https://nvd.nist.gov |
| Python | CVE-2023-40217 | See SUSE link below for each CVE https://www.suse.com |
| Vim | CVE-2023-4733 | See SUSE link below for each CVE https://www.suse.com |
| Vmtools | CVE-2023-20900 | See SUSE link below for each CVE https://www.suse.com |
Getroffen producten en herstel
| CVEs Addressed |
Product | Affected Versions | Updated Version | Link to Update |
|---|---|---|---|---|
| CVE-2018-9234, CVE-2022-36402, CVE-2022-41946, CVE-2021-42340, CVE-2022-29885, CVE-2022-44729, CVE-2023-41080, CVE-2023-3341, CVE-2023-38545, CVE-2023-38546, CVE-2023-38039, CVE-2023-35945, CVE-2023-28736, CVE-2023-40217, CVE-2023-4733, CVE-2023-20900, CVE-2023-31122 | Dell Secure Connect Gateway | Version 5.18.00.20 | Version 5.20.00.10 | https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers |
| CVEs Addressed |
Product | Affected Versions | Updated Version | Link to Update |
|---|---|---|---|---|
| CVE-2018-9234, CVE-2022-36402, CVE-2022-41946, CVE-2021-42340, CVE-2022-29885, CVE-2022-44729, CVE-2023-41080, CVE-2023-3341, CVE-2023-38545, CVE-2023-38546, CVE-2023-38039, CVE-2023-35945, CVE-2023-28736, CVE-2023-40217, CVE-2023-4733, CVE-2023-20900, CVE-2023-31122 | Dell Secure Connect Gateway | Version 5.18.00.20 | Version 5.20.00.10 | https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers |
Tijdelijke oplossingen en risicobeperking
None
Revisiegeschiedenis
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-11-08 | Initial Release |
| 2.0 | 2023-11-08 | Added CVE-2023-31122 to Third Party Component Table under Apache Tomcat, Added to Affected Products and Remediation Table |
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
Secure Connect Gateway, Secure Connect GatewayArtikeleigenschappen
Artikelnummer: 000219309
Artikeltype: Dell Security Advisory
Laatst aangepast: 08 nov. 2023
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.