Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

DSA-2022-021: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

Summary: Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-29084 Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere UI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29085 Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22564 Dell Unity versions before 5.2.0.0.5.173 use broken cryptographic algorithms. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
 
Third-party Component CVEs More Information
Aide CVE-2021-45417 See NVD (http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.) for individual scores for each CVE.
 
Apache2 CVE-2021-33193
CVE-2021-34798
CVE-2021-36160
CVE-2021-39275
CVE-2021-40438
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
CVE-2022-23943
Apache-tomcat CVE-2021-25122
CVE-2021-25329
CVE-2021-30639
CVE-2021-30640
CVE-2021-33037
CVE-2021-41079
CVE-2021-42340
Avahi CVE-2021-3468
cyrus-sasl CVE-2022-24407
Dell BSAFE™ Micro Edition Suite CVE-2020-5359 See Dell KB article 181098: DSA-2020-114: Dell BSAFE Micro Edition Suite Multiple Security Vulnerabilities for individual scores for each CVE
CVE-2020-5360
Docker, containerd, runc CVE-2021-30465 See NVD (http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.) for individual scores for each CVE.
CVE-2021-32760
CVE-2021-41089
CVE-2021-41091
CVE-2021-41092
CVE-2021-41103
Expat CVE-2021-45960
CVE-2021-46143
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-22825
CVE-2022-22826
CVE-2022-22827
CVE-2022-23852
CVE-2022-23990
CVE-2022-25235
CVE-2022-25236
CVE-2022-25313
CVE-2022-25314
CVE-2022-25315
Glibc CVE-2021-33574
CVE-2021-35942
json-c CVE-2020-12762
Kernel CVE-2021-40490
Libesmtp CVE-2019-19977
net-snmp CVE-2018-18065
CVE-2020-15862
OpenSSL (Unisphere UI) CVE-2022-0778
p11-kit CVE-2020-29361
Polkit CVE-2021-4034
python3 CVE-2021-3426
CVE-2021-3733
CVE-2021-3737
sqlite3 CVE-2015-3414
CVE-2015-3415
CVE-2019-19244
CVE-2019-19317
CVE-2019-19603
CVE-2019-19645
CVE-2019-19646
CVE-2019-19880
CVE-2019-19923
CVE-2019-19924
CVE-2019-19925
CVE-2019-19926
CVE-2019-19959
CVE-2019-20218
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-13631
CVE-2020-13632
CVE-2020-15358
CVE-2020-9327
Tcpdump CVE-2018-16301
tiff CVE-2017-17095
CVE-2019-17546
CVE-2020-19131
CVE-2020-35521
CVE-2020-35522
CVE-2020-35523
CVE-2020-35524
CVE-2022-22844
ucode-intel CVE-2020-24489
CVE-2020-24511
CVE-2020-24512
CVE-2020-24513
CVE-2021-0127
CVE-2021-0145
CVE-2021-0146
CVE-2021-33120
Vim CVE-2021-3778
CVE-2021-3796
CVE-2021-3872
CVE-2021-3927
CVE-2021-3928
CVE-2021-3984
CVE-2021-4019
CVE-2021-4193
CVE-2021-46059
CVE-2022-0319
CVE-2022-0351
CVE-2022-0361
CVE-2022-0413
xerces-s CVE-2018-1311
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-29084 Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere UI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29085 Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22564 Dell Unity versions before 5.2.0.0.5.173 use broken cryptographic algorithms. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
 
Third-party Component CVEs More Information
Aide CVE-2021-45417 See NVD (http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.) for individual scores for each CVE.
 
Apache2 CVE-2021-33193
CVE-2021-34798
CVE-2021-36160
CVE-2021-39275
CVE-2021-40438
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
CVE-2022-23943
Apache-tomcat CVE-2021-25122
CVE-2021-25329
CVE-2021-30639
CVE-2021-30640
CVE-2021-33037
CVE-2021-41079
CVE-2021-42340
Avahi CVE-2021-3468
cyrus-sasl CVE-2022-24407
Dell BSAFE™ Micro Edition Suite CVE-2020-5359 See Dell KB article 181098: DSA-2020-114: Dell BSAFE Micro Edition Suite Multiple Security Vulnerabilities for individual scores for each CVE
CVE-2020-5360
Docker, containerd, runc CVE-2021-30465 See NVD (http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.) for individual scores for each CVE.
CVE-2021-32760
CVE-2021-41089
CVE-2021-41091
CVE-2021-41092
CVE-2021-41103
Expat CVE-2021-45960
CVE-2021-46143
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-22825
CVE-2022-22826
CVE-2022-22827
CVE-2022-23852
CVE-2022-23990
CVE-2022-25235
CVE-2022-25236
CVE-2022-25313
CVE-2022-25314
CVE-2022-25315
Glibc CVE-2021-33574
CVE-2021-35942
json-c CVE-2020-12762
Kernel CVE-2021-40490
Libesmtp CVE-2019-19977
net-snmp CVE-2018-18065
CVE-2020-15862
OpenSSL (Unisphere UI) CVE-2022-0778
p11-kit CVE-2020-29361
Polkit CVE-2021-4034
python3 CVE-2021-3426
CVE-2021-3733
CVE-2021-3737
sqlite3 CVE-2015-3414
CVE-2015-3415
CVE-2019-19244
CVE-2019-19317
CVE-2019-19603
CVE-2019-19645
CVE-2019-19646
CVE-2019-19880
CVE-2019-19923
CVE-2019-19924
CVE-2019-19925
CVE-2019-19926
CVE-2019-19959
CVE-2019-20218
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-13631
CVE-2020-13632
CVE-2020-15358
CVE-2020-9327
Tcpdump CVE-2018-16301
tiff CVE-2017-17095
CVE-2019-17546
CVE-2020-19131
CVE-2020-35521
CVE-2020-35522
CVE-2020-35523
CVE-2020-35524
CVE-2022-22844
ucode-intel CVE-2020-24489
CVE-2020-24511
CVE-2020-24512
CVE-2020-24513
CVE-2021-0127
CVE-2021-0145
CVE-2021-0146
CVE-2021-33120
Vim CVE-2021-3778
CVE-2021-3796
CVE-2021-3872
CVE-2021-3927
CVE-2021-3928
CVE-2021-3984
CVE-2021-4019
CVE-2021-4193
CVE-2021-46059
CVE-2022-0319
CVE-2022-0351
CVE-2022-0361
CVE-2022-0413
xerces-s CVE-2018-1311
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Products Affected Versions Updated Versions Link to Update
Dell Unity Operating Environment (OE) Before 5.2.0.0.5.173 5.2.0.0.5.173 https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers
Dell UnityVSA Operating Environment (OE) Before 5.2.0.0.5.173 5.2.0.0.5.173
Dell Unity XT Operating Environment (OE) Before 5.2.0.0.5.173 5.2.0.0.5.173
Products Affected Versions Updated Versions Link to Update
Dell Unity Operating Environment (OE) Before 5.2.0.0.5.173 5.2.0.0.5.173 https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers
Dell UnityVSA Operating Environment (OE) Before 5.2.0.0.5.173 5.2.0.0.5.173
Dell Unity XT Operating Environment (OE) Before 5.2.0.0.5.173 5.2.0.0.5.173

Revision History

RevisionDateMore Information  
1.02022-04-29Initial Release  
2.02023-02-14Added CVE-2022-22564 to Details Section.  

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600

Products

Product Security Information, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F
Article Properties
Article Number: 000199050
Article Type: Dell Security Advisory
Last Modified: 14 Feb 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.