Ga naar hoofdinhoud
Uitloggen

Welkom bij Dell

Mijn account
  • Snel en eenvoudig bestellen
  • Bestellingen en de verzendstatus bekijken
  • Een lijst met producten maken en openen
  • Beheer uw Dell EMC locaties, producten en contactpersonen op productniveau met Company Administration.
Inloggen Een account maken Inloggen bij Premier Aanmelden voor partnerprogramma
Contact

Uw Dell.com-winkelwagentjes

Artikelnummer: 000203434

DSA-2022-264: Cloud Mobility for Dell Storage Security Update for an Insecure Database Vulnerability

Samenvatting: Cloud Mobility for Dell Storage, versions before and including 1.3.0, contain an authorization bypass vulnerability. A nonauthorized user may potentially exploit this vulnerability, leading to complete data exposure of information stored within the products database. ...

Article content

Impact

Medium

Gegevens

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2022-34434 Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application.     6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2022-34434 Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application.     6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

CVEs Addressed Product Affected Versions Updated Version Link to Update
CVE-2022-34434 Cloud Mobility for Dell Storage Versions before and including 1.3.0 1.3.1 AWS:
https://aws.amazon.com/marketplace/pp/prodview-puxtams7ngwwk#pdp-usage
VMware:
https://marketplace.cloud.vmware.com/services/details/cloud-mobility-for-dell-emc-storage-1-1-1-1-1?slug=true
CVEs Addressed Product Affected Versions Updated Version Link to Update
CVE-2022-34434 Cloud Mobility for Dell Storage Versions before and including 1.3.0 1.3.1 AWS:
https://aws.amazon.com/marketplace/pp/prodview-puxtams7ngwwk#pdp-usage
VMware:
https://marketplace.cloud.vmware.com/services/details/cloud-mobility-for-dell-emc-storage-1-1-1-1-1?slug=true

Tijdelijke oplossingen en beperkingen

The vulnerability may be avoided by creating a dynamic password that is generated upon database startup and stored securely. Next the trust of all internal connections is removed, requiring connections to use the newly created password to access the database.

Revisiegeschiedenis

RevisionDateDescription
1.009-15-2022Initial release 

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Juridische informatie

Artikeleigenschappen

Getroffen product

Product Security Information

Datum laatst gepubliceerd

19 sep. 2022

Artikeltype

Dell Security Advisory

Terug naar boven