CVE-2022-34453: DSA-2022-290: Dell XtremIO X2 Security Update for a XMS GUI Vulnerability

Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.

Impact

High

Details

| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2022-34453 | Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default. | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |

Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.

Affected Products and Remediation

| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| XtremIO X2 | All releases prior to 6.4.1-11 | 6.4.1-11 | Support for XtremIO X2 \| Drivers & Downloads \| Dell US |

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2022-11-1 | Initial Release |
| 1.2 | 2022-11-14 | Corrected “Affected Products and Remediation” section. Updated “Workaround and Mitigations” section. |
| 2.0 | 2023-7-18 | Updated “Proprietary Code” section and “Affected Products and Remediation” section: added Remediated details. |

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

26 Jul 2023