Headline
CVE-2022-45102: DSA-2022-348: Dell Data Protection Central Security Update for Proprietary Code Vulnerability
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web cache or trigger redirections.
Vaikutus
Medium
Tiedot
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2022-45102
Dell Data Protection Central versions 19.1 through 19.7 contain a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web cache or trigger redirections.
5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2022-45102
Dell Data Protection Central versions 19.1 through 19.7 contain a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web cache or trigger redirections.
5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
Product
Affected Versions
Updated Versions
Link to Update
Dell Data Protection Central
19.1
19.8
To upgrade your Dell Data Protection Central system, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions.
See the latest ‘Data Protection Central OS Update’ file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers.
See the latest ‘Data Protection Central OS Updates Release Notes’ in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs.
19.2
19.8
19.3
19.8
19.4
19.8
19.5
19.8
19.6
19.8
19.7
19.8
PowerProtect DP Series Appliance (Integration Data Protection Appliance)
2.5
2.7.x
To upgrade your PowerProtect DP Series Appliance Dell Data Protection Central component, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions.
See the latest ‘Data Protection Central OS Update’ file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers.
See the latest ‘Data Protection Central OS Updates Release Notes’ in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs.
2.6.x
2.7.x
2.7.x
2.7.x
NOTE: For PowerProtect DP Series Appliance (Integration Data Protection Appliance), the appliance should first be upgraded to any 2.7.x version (version 2.7.2 is preferred) and then the previously mentioned Data Protection Central patch should be applied.
Product
Affected Versions
Updated Versions
Link to Update
Dell Data Protection Central
19.1
19.8
To upgrade your Dell Data Protection Central system, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions.
See the latest ‘Data Protection Central OS Update’ file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers.
See the latest ‘Data Protection Central OS Updates Release Notes’ in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs.
19.2
19.8
19.3
19.8
19.4
19.8
19.5
19.8
19.6
19.8
19.7
19.8
PowerProtect DP Series Appliance (Integration Data Protection Appliance)
2.5
2.7.x
To upgrade your PowerProtect DP Series Appliance Dell Data Protection Central component, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions.
See the latest ‘Data Protection Central OS Update’ file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers.
See the latest ‘Data Protection Central OS Updates Release Notes’ in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs.
2.6.x
2.7.x
2.7.x
2.7.x
NOTE: For PowerProtect DP Series Appliance (Integration Data Protection Appliance), the appliance should first be upgraded to any 2.7.x version (version 2.7.2 is preferred) and then the previously mentioned Data Protection Central patch should be applied.
Versiohistoria
Revision
Date
Description
1.0
2022-12-15
Initial Release
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
PowerProtect Data Protection Appliance, Data Protection Central, PowerProtect Data Protection Software
15 jouluk. 2022