Article Number: 000213696
DSA-2023-165: Dell CloudIQ Collector Security Update for Missing Encryption of Sensitive Data Vulnerability
Summary: Dell CloudIQ Collector remediation is available for missing encryption of sensitive data vulnerability that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
Medium
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28045 | Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data.. | 6.3 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N  |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28045 | Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data.. | 6.3 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
Affected Products and Remediation
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell CloudIQ Collector | Version 1.10.2 | Version 1.10.17 | https://dl.dell.com/downloads/993N2_CloudIQ-Collector-vApp-1.10.17-Service-Pack.xz |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell CloudIQ Collector | Version 1.10.2 | Version 1.10.17 | https://dl.dell.com/downloads/993N2_CloudIQ-Collector-vApp-1.10.17-Service-Pack.xz |
Revision History
| Revision | Date | Description |
| 1.0 | 2023-05-18 | Initial Release |
| 2.0 | 2023-09-01 | Updated for enhanced presentation with no changes to content. |
Related Information
Legal Information
Article Properties
Affected Product
CloudIQ
Last Published Date
01 Sep 2023
Article Type
Dell Security Advisory