Headline
CVE-2022-24409: DSA-2022-023: Dell BSAFE SSL-J 6.4 Security Update for a Single Covert Timing Channel
Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.
Vaikutus
Medium
Tiedot
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2022-24409
Only customers with active BSAFE SSL-J maintenance contracts can receive details about the vulnerabilities. Public disclosure of the vulnerability details will be shared at a later date.
5.9
Restricted to customers.
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2022-24409
Only customers with active BSAFE SSL-J maintenance contracts can receive details about the vulnerabilities. Public disclosure of the vulnerability details will be shared at a later date.
5.9
Restricted to customers.
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Keinoja ongelman kiertämiseen tai lieventämiseen
Contact Dell BSAFE Support at [email protected], or [email protected].
Versiohistoria
Revision
Date
Description
1.0
2022-02-14
Initial Release.
1.1
2022-03-14
Added CVE ID and CVSS score to details.
1.2
2022-04-19
Update to CVSS score.
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
19 huhtik. 2022
Related news
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).