DSA-2022-195: Dell AppSync Security Update for Multiple Vulnerabilities in Embedded Service Enabler Component of AppSync
Summary: Dell AppSync remediation is available for multiple security vulnerabilities in Embedded Service Enabler (ESE) that may be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
Impact
High
Details
| Third-party Component |
CVEs | More information |
| curl-7.66.0-4.14 and libexpat1-2.2.5 | CVE-2021-22946 | See NVD (http://nvd.nist.gov/  ) for individual scores for each CVE. |
| CVE-2022-25315 | ||
| OpenSSL 1.0.2za | CVE-2022-0778 |
| Third-party Component |
CVEs | More information |
| curl-7.66.0-4.14 and libexpat1-2.2.5 | CVE-2021-22946 | See NVD (http://nvd.nist.gov/ ) for individual scores for each CVE. |
| CVE-2022-25315 | ||
| OpenSSL 1.0.2za | CVE-2022-0778 |
Affected Products & Remediation
| Product | Affected Versions | Updated Version | Link to Update | |
| Dell AppSync | Versions 4.4.0.0 and 4.4.1.0 | 4.4.1.0_3996_R1 | https://dl.dell.com/downloads/DLD2951_AppSync-patch-4.4.1.0_3996_R1-Software-(HotFix).zip | |
NOTE:
- For AppSync 4.4.0.0, users must upgrade to AppSync 4.4.1.0 and then install above hotfix.
- For AppSync 4.4.1.0, users can directly install this hotfix to fix ESE vulnerability.
| Product | Affected Versions | Updated Version | Link to Update | |
| Dell AppSync | Versions 4.4.0.0 and 4.4.1.0 | 4.4.1.0_3996_R1 | https://dl.dell.com/downloads/DLD2951_AppSync-patch-4.4.1.0_3996_R1-Software-(HotFix).zip | |
NOTE:
- For AppSync 4.4.0.0, users must upgrade to AppSync 4.4.1.0 and then install above hotfix.
- For AppSync 4.4.1.0, users can directly install this hotfix to fix ESE vulnerability.
Revision History
| Revision | Date | Description |
| 1.0 | 2022-07-27 | Initial Release |