Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

**Vaikutus**

Critical

**Tiedot**

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Products**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Unity Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers

Dell UnityVSA Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

Dell Unity XT Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

**Products**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Unity Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers

Dell UnityVSA Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

Dell Unity XT Operating Environment (OE)

Before 5.2.0.0.5.173

5.2.0.0.5.173

**Versiohistoria**

**Revision**

**Date**

**More Informatio**n

 

 

1.0

2022-04-29

Initial Release

 

 

2.0

2023-02-14

Added CVE-2022-22564 to Details Section.

 

 

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Dell EMC Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600

Product Security Information, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC UnityVSA (Virtual Storage Appliance)

14 helmik. 2023

CVE-2022-22564: DSA-2022-021: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

**ARLINGTON, Va.****,** **Feb. 14, 2023** **/PRNewswire/ --** ThreatConnect, maker of leading threat intelligence operations (TI Ops) and risk quantification solutions, announced today the company's accelerated growth through 2022 and market leading position heading into 2023.

"With a tumultuous year marked by geopolitical and economic uncertainty that increased pressure on CISOs and their teams to improve security effectiveness and efficiency, ThreatConnect had a tremendous year in both new customer acquisition and product innovation," said Balaji Yelamanchili, CEO of ThreatConnect. "As we enter 2023, we're positioned to continue delivering market leading product innovation that enables our customers and partners to manage efficient TI Ops with quantifiable risk mitigation strategies."

**Customer & Revenue Growth** 

*   Substantial double-digit growth in new logo and expansion business, including some of the world's largest technology, financial services, healthcare, governmental, and cyber security organizations choosing ThreatConnect for their TI Ops and risk quantification initiatives.
*   Expanded risk quantification and TI Ops deployments with three of the top five software companies in the world, 12 global financial services organizations, and 33 other large enterprise customers.
*   Now serving nearly 200 global customers, including five of the top 10 software companies in the world, three of the top five airlines, three of the top five pharmaceutical companies, two of the top five insurance providers, and more than 10 defense and federal agencies.

**Threat Intelligence Operations Innovation**

The company's product and engineering teams delivered a variety of new features that enable cyber threat intelligence (CTI) teams to more efficiently investigate and create intelligence, and work with security operations (SecOps) teams to consume and operationalize threat intelligence.  These new features are designed to deliver better security outcomes in terms of mean time to detect (MTTD) and mean time to resolve (MTTR) potential threats and incidents, and drive efficiencies across teams and tools.

**Specific Innovations:** 

ThreatConnect made many useful product enhancements, including:

*   ThreatConnect's Collective Analytics Layer (CAL™), powered by Big Data and Machine Learning, increased its volume of data by 25% versus prior year to over 176 billion points of data used for scoring potential indicators of compromise (IOCs), providing insights for investigations, and categorizing relationships between indicators, threat actors, malware, and campaigns. By merging anonymized insights from ThreatConnect users with this massive data set creates the ability to have better confidence scoring and enrichment on potential IOCs that very few other players in the market can claim.
*   Natural Language Processing (NLP) capabilities to recognize MITRE ATT&CK® techniques by extracting insights from open source blogs, research, and other sources. This enables customers to get faster insights on relevant threats they are investigating.
*   Highly intuitive graph investigation capability that incorporates the customer's threat intelligence and internal case & investigation data, with insights from CAL's Automated Threat Library, including threat actors, campaigns, and ATT&CK techniques, and a growing number of third-party intelligence and enrichment sources.
*   A new reporting engine that makes it easy to create and disseminate threat intelligence reports with graphs, tables, images, and narrative descriptions.
*   New Enrich Anywhere capability automates the addition of context to indicators of compromise, allowing users to easily identify false positives and pinpoint actionable intelligence.  
*   Streamline the work of the SOC by infusing relevant threat intelligence directly into every step of their case workflow, and allowing for relevant artifacts and findings to be promoted for validation as threat intelligence by the CTI team.
*   Measure the work being done by the team with case and analyst efficiency metrics.
*   Stronger multi-tenant management of clients for MSSP and multi-tiered organizations with the introduction of Super Admin Users who can answer RFI's or work alongside analysts in other organizations without leaving their ThreatConnect instance.

**Risk Quantification Break Out Year**

*   Significant double digit annual sales growth, including new customers in healthcare, finance and manufacturing.
*   Launched technology alliance and go-to-market partnership with SecurityScorecard, resulting in 14 net new customers.
*   New go-to-market partnership with 3 of the top global software vendors.

**Industry recognition**

Winner of multiple industry accolades, including the Global Infosec Awards, Cybersecurity Excellence Award, and the top 100 most Innovative Cybersecurity companies by Expert Insights.

**Experienced Leadership and Board Advisors**

In 2022, the company added seasoned cybersecurity operators to its executive ranks with cybersecurity veterans. Balaji Yelamanchili, previously EVP and General Manager of Symantec's Enterprise Security business, joined the company as Chief Executive Officer.  Burney Barker, a veteran of Forescout, Gigamon, and Dell EMC, joined the company as Chief Revenue Officer.  In the Chief Marketing Officer role, Charles Gold joined the company, bringing more than 25 years of executive experience at category leaders including Sonatype, Virtru, and FireMon.

The company also added an elite group of enterprise cybersecurity leaders as Board Advisors.  This esteemed group includes Colin Anderson, current CISO at Ceridian and former CISO at Safeway and Levi Straus, Myrna Soto former CISO at MGM and Comcast and current Board member at Spirit Airlines and Trinet, and Patrick Joyce, CISO at Medtronic.  They will advise the company's Board and executive team on strategic product and go-to-market matters.

"Enterprises are transforming  their approach to security operations to support their move to the cloud and the digital economy while at the same time addressing a growing threat landscape and emerging threats like ransomware,"  said Yelamanchili.   "Our TI Ops and risk quantification solutions are critical to these initiatives and, given our momentum in 2022 and near term product roadmap, I couldn't be more excited about this coming year."

**About ThreatConnect**

ThreatConnect enables threat intelligence operations, security operations, and cyber risk management teams to work together for more effective, efficient, and collaborative cyber defense and protection. With ThreatConnect, organizations can infuse ML and AI-powered threat intel and cyber risk quantification into their work, allowing them to orchestrate and automate processes to get the necessary insights, and respond faster and more confidently than ever before. More than 200 enterprises and thousands of security operations professionals rely on ThreatConnect every day to protect their organizations' most critical assets.

ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops)

A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session.

*   Aktuelles
*   Academy
*   Karriere
*   Downloads

*   Über uns
    
    *   Philosophie
    *   Presse
        *   Pressekontakt
    *   Kundenmagazin
    *   E-Mail-Service von B&R
        *   Aktuell
    *   Standorte
    *   Kontakt
    *   Impressum
    *   AGB
        *   International
        *   Italy
        *   Belgium
        *   Sweden
        *   Switzerland
        *   GTC India
    *   Produkt-Lifecycle
    *   Datenschutzmitteilungen
        *   Mitarbeiter
        *   Auftragnehmer
        *   Lieferanten
        *   Kunden
        *   Besucher
        *   Event management
        *   Bewerber
        *   Externe Öffentlichkeitsarbeit
        *   Website, Cookies und Links
    
*   Branchen
    
    *   Additive Fertigung
        *   Technologievorteile
        *   Lifecycle-Management
        *   Automatisierte Nachbearbeitung
        *   Automatisierungspartner
        *   Referenzen
    *   Automobil
        *   Maschinen und Linien
        *   B&R hat die richtige Lösung für...
    *   Batterie
    *   Druck
    *   Energie
        *   BHKW und KWK
        *   Konventionelle Kraftwerke
        *   Solarenergie
        *   Wellen- und Gezeitenkraftwerke
        *   Windenergie
        *   Öl und Gas
    *   Halbleiter / Elektronik
    *   Kunststoff
        *   Automatisierungslösungen für die Kunststoffindustrie
        *   Referenzen
        *   Applikationsberichte
    *   Maritim & Offshore
    *   Medical Device Assembly
    *   Metallverarbeitung
        *   Referenzen
    *   Mobile Automation
    *   Nahrungsmittel & Getränke
        *   Technologielösungen
        *   Prozessoptimierung
        *   Sicherheit & Qualität
        *   Service & Support
    *   Textil
        *   Maschinen und Prozesse
        *   B&R hat die richtige Lösung für...
        *   Referenzen
    *   Umwelt- und Recyclingtechnik
    *   Verpackung
        *   Referenzen
    
*   Technologie
    
    *   Adaptive Manufacturing
        *   Schlüsseltechnologien der adaptiven Fertigung
        *   Adaptive Fertigungslösungen
    *   exOS
        *   Kundenvorteile
        *   Anwendungsbeispiele - exOS in der Praxis
        *   Lösungsportfolio für jeden Anwendungsfall
        *   Integrierte Funktionen
    *   Industrial IoT
        *   IIoT-Lösungen
    *   mapp Technology
    *   OPC UA
        *   OPC UA over TSN
        *   FAQs zu OPC UA over TSN
        *   Geschichte
        *   B&R-Lösungen mit OPC UA
        *   B&R-Lösungen mit OPC UA over TSN
    *   openSAFETY
    *   POWERLINK
    *   reACTION Technology
        *   Programmierung in IEC 61131-3
        *   Anwendungsbeispiele
    *   Redundanz
    *   Sicherheitstechnik
    
*   Produkte
    
    *   Industrie PCs
        *   Automation PC 3100
        *   Automation PC 3100 mobile
        *   Automation PC 2200
        *   Automation PC 2100
        *   Automation PC 910
        *   Panel PC 3100 Multitouch
        *   Panel PC 3100 Singletouch
        *   Panel PC 2200 Multitouch
        *   Panel PC 2200 Singletouch
        *   Panel PC 2100 Multitouch
        *   Panel PC 2100 Singletouch
        *   Panel PC 1200
        *   Panel PC 900 Multitouch
        *   Panel PC 900 Singletouch
        *   Panel PC 2200 (AP5000) Tragarm Multitouch
        *   Panel PC 2200 (AP5000) Tragarm Singletouch
        *   Panel PC 2100 (AP5000) Tragarm Multitouch
        *   Panel PC 2100 (AP5000) Tragarm Singletouch
        *   Panel PC Hygienedesign Edelstahl
        *   Panel PC Hygienedesign Edelstahl, Tragarm
        *   Smart Display Link 3
        *   Smart Display Link 4
    *   Visualisieren und Bedienen
        *   Automation Panel 5000 Tragarm Multitouch
        *   Automation Panel 5000 Tragarm Singletouch
        *   Automation Panel Multitouch
        *   Automation Panel Singletouch
        *   Automation Panel Hygienedesign Edelstahl
        *   Automation Panel Hygienedesign Edelstahl, Tragarm
        *   Smart Display Link 3
        *   Smart Display Link 4
        *   Mobile Panel 7200
        *   Mobile Panel 7100
        *   Power Panel T-/C-Series
        *   Tastenmodule
        *   PANELWARE
        *   Panel Designer
    *   Steuerungssysteme
        *   X20 System
        *   X20 System coated
        *   X90 mobile Steuerungssystem
    *   I/O Systeme
        *   X20 System
        *   X20 System coated
        *   X67 System
        *   XV System
    *   Vision Systeme
        *   Kamera
        *   Beleuchtung
        *   Zubehör
        *   Applikationen
    *   Sicherheitstechnik
        *   X20 System
        *   X20 System coated
        *   X67 System
        *   ACOPOS
        *   ACOPOS P3
        *   ACOPOSmulti
        *   ACOPOSremote
        *   ACOPOSmotor
    *   Antriebstechnik
        *   Neuheiten
        *   ACOPOSmicro
        *   ACOPOS
        *   ACOPOS P3
        *   ACOPOSmulti
        *   ACOPOSremote
        *   ACOPOSmotor
        *   ACOPOSmotor Compact
        *   ACOPOSinverter
        *   Servomotoren 8WSA
        *   Getriebemotoren 8WSB
        *   Synchronmotoren 8LVA
        *   Getriebemotoren 8LVB
        *   Synchronmotoren 8LWA
        *   Synchronmotoren 8LS
        *   Synchronmotoren 8LSN
        *   Synchronmotoren 8JSA
        *   Edelstahlservomotoren 8JS
        *   Synchronmotoren 8KS
        *   Torque Motoren 8LT
        *   Schrittmotoren 80MP
        *   Standard Planetengetriebe 8G
        *   Premium Planetengetriebe 8G
        *   Economy Planetengetriebe 8G
    *   Mechatronische Systeme
        *   Neuheiten
        *   ACOPOS 6D
        *   ACOPOStrak
        *   SuperTrak
        *   Tutorials
    *   Robotik
        *   Neuheiten
        *   Roboterportfolio
        *   Integration ohne Kompromisse
        *   mapp Robotics
    *   Mobile Automation
        *   Automation PC 3100 mobile
        *   Power Panel T50 mobile
        *   ISOBUS
    *   Netzwerke und Feldbus Module
    *   Software
        *   Automation Software
        *   mapp Technology
        *   Modellierung und Simulation
        *   Betriebssysteme
        *   Fernwartung
        *   Sonstiges
        *   Utilities / Tools
    *   Prozessleittechnik
        *   APROL APC
        *   APROL ConMon
        *   APROL EnMon
        *   APROL PDA
        *   APROL Hardware
        *   APROL Software
    *   Zubehör
    *   Lern- und Lehrmaterial
        *   ETA Systemfamilie
    
*   Service
    
    *   MyPortal
    *   Supportportal
    *   Material Return Portal
    *   Material Compliance
    *   Engineering Sample Regulations
    *   Software-Registrierung
    *   Remote Access
    *   Persönliche Uploads
    *   Online meeting
    *   Lieferanten
    *   Virtual Marking
    *   Cyber Security
    

*   **International**
*   **Europe**
*   **Asia**
*   **North America**
*   **South America**

*   **deutsch**
*   **english**
*   **español**

*   **Belgium** nederlands français
*   **Česká republika** český
*   **Danmark** dansk
*   **Deutschland** deutsch
*   **España** español
*   **France** français
*   **Italia** italiano
*   **Nederland** nederlands
*   **Österreich** deutsch
*   **Polska** polski
*   **Россия** русский
*   **Sverige** svenska
*   **Switzerland** deutsch français
*   **Türkiye** türkçe
*   **United Kingdom** english

*   **中国** 中文
*   **India** english
*   **日本** 日本語

*   **Canada** english
*   **México** español
*   **USA** english

*   **Brasil** português

*    Home
*   Service
*   Cyber Security

****Kontakt zum B&R Cyber Security Team****

Haben Sie eine Frage zur Cyber-Sicherheit von B&R-Produkten?  
Möchten Sie eine Schwachstelle oder ein Sicherheitsproblem in einem B&R-Produkt melden?  
Bitte senden Sie eine verschlüsselte E-Mail an _cybersecurity@br-automation.com_ unter Verwendung unseres PGP Schlüssels

****Anonymer Kontakt****

Sollte jemand eine Schwachstelle in Verbindung mit einem B&R Produkt entdecken und B&R nicht direkt kontaktieren wollen, empfehlen wir ICS CERT (https://www.kb.cert.org/vuls/report/), jede andere nationale CERT oder eine andere koordinierende Organisation zu kontaktieren.

**Cyber Security Guidelines**

**Cyber Security Advisories and Notices**

**Code Signing Certificates**

B&R Industrial Automation signiert die zur Verfügung gestellten Software-Entwicklungen. Damit kann sichergestellt werden, dass nur Produkte, welche gemäß unserer hohen Qualitäts- und Sicherheitsansprüchen geprüft wurden mit unserem Namen versehen sind. Die unten angeführten Code Signing Zertifikate für von B&R freigegebene Produkte ermöglichen es unseren Kunden, die Integrität und Authentizität der Software Entwicklungen zu verifizieren.

Valid from

Valid to

Fingerprint

Keyfile

01.07.2015

05.08.2016

2a2839fe1affb03e619e0e3f33e91ebc4fef3b62

Download file

26.07.2016

27.07.2018

b4d11977baae8827c8ff1d466969fd5f1b91bfe7

Download file

23.05.2018

23.05.2020

748aa0d710e6877921d2b67ceda9f7c4cafaf9ed

Download file

16.10.2018

23.05.2020

934b742c32b34e856370cc0f62251b3c64cc666e

Download file

29.04.2020

23.06.2022

d095488a2b2efb0440714f6b5baaa5e60e0c5604

Download file

15.04.2021

23.06.2022

13dd07b5d864ad8723fc3549e5eb0c01331e5734

Download file

06.05.2021

12.05.2022

58176987f97e357d0643013ca3900b74ecbb7630

Download file

22.10.2021

23.10.2022

48030051866e5e41022e123de6f00345cc5b83bb

Download file

21.10.2022

22.10.2023

8c5d6238f1698dfb1bc6e46576a447d3c2a19c99

Download file

Service

*   MyPortal
*   Supportportal
*   Material Return Portal
*   Material Compliance
*   Engineering Sample Regulations
*   Software-Registrierung
*   Remote Access
*   Persönliche Uploads
*   Online meeting
*   Lieferanten
*   Virtual Marking
*   **Cyber Security**

CVE-2022-4286: Cyber Security | B&R Industrial Automation

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

**Vaikutus**

Medium

**Tiedot**

**Proprietary Code CVEs**

**Description**

**More Information**

CVE-2023-24572

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 

See NVD (http://nvd.nist.gov/)  for additional details.

**Proprietary Code CVEs**

**Description**

**More Information**

CVE-2023-24572

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 

See NVD (http://nvd.nist.gov/)  for additional details.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2023-24572

Dell Command | Integration Suite for System Center

Versions prior to 6.4.0  
 

6.4.0

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=T9HK2  
 

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2023-24572

Dell Command | Integration Suite for System Center

Versions prior to 6.4.0  
 

6.4.0

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=T9HK2  
 

**Kiitokset**

**CVE-2023-24573**: Dell Technologies would like to thank ycdxsb for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2023-02-07

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Dell Command | Integration Suite for Microsoft System Center, Product Security Information

08 helmik. 2023

CVE-2023-24572: DSA-2023-032: Dell Command | Integration Suite for System Center Security Update for an Arbitrary Folder Deletion Vulnerability

Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

**Vaikutus**

Medium

**Tiedot**

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2023-23697

Dell Command | Intel vPro Out of Band

Versions before 4.4.0

4.4.0

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=08WTH

**CVEs Addressed**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2023-23697

Dell Command | Intel vPro Out of Band

Versions before 4.4.0

4.4.0

https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=08WTH

**Kiitokset**

**CVE-2023-23697**: Dell Technologies would like to thank ycdxsb for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2023-02-07

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

08 helmik. 2023

CVE-2023-23697: DSA-2023-030: Dell Command | Intel vPro Out of Band Security Update for an Arbitrary Folder Deletion Vulnerability

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-46754

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.

8.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CVE-2022-46755

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious end user can edit general client policy for which the user is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46677

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially create a subgroup under a group for which the admin is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46678

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially edit general client policy for which the user is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46676

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. A malicious admin user may potentially disable or delete users under administration and unassigned admins for which the group admin is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46675

Wyse Management Suite Repository 3.8 and earlier contain an information disclosure vulnerability in error pages with which an attacker may potentially discover the internal structure of the application and its components and use this information for further vulnerability research.

5.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

 

**Third-party Component**

**CVEs**

**More information**

Swagger-UI (DOMPurify)

CVE-2020-26870

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.

OpenJDK

CVE-2022-34169

Gson

CVE-2022-25647

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-46754

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.

8.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CVE-2022-46755

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious end user can edit general client policy for which the user is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46677

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially create a subgroup under a group for which the admin is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46678

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially edit general client policy for which the user is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46676

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. A malicious admin user may potentially disable or delete users under administration and unassigned admins for which the group admin is not authorized.

4.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-46675

Wyse Management Suite Repository 3.8 and earlier contain an information disclosure vulnerability in error pages with which an attacker may potentially discover the internal structure of the application and its components and use this information for further vulnerability research.

5.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

 

**Third-party Component**

**CVEs**

**More information**

Swagger-UI (DOMPurify)

CVE-2020-26870

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.

OpenJDK

CVE-2022-34169

Gson

CVE-2022-25647

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Wyse Management Suite

3.8 and earlier

4.0

Dell Wyse Management Suite

Dell Wyse Management Suite Repository

3.8 and earlier

4.0

Dell Wyse Management Suite Repository

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Wyse Management Suite

3.8 and earlier

4.0

Dell Wyse Management Suite

Dell Wyse Management Suite Repository

3.8 and earlier

4.0

Dell Wyse Management Suite Repository

**Kiitokset**

Dell Technologies would like to thank Marius Gabriel Mihai for reporting CVE-2020-26870.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-12-19

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

03 tammik. 2023

CVE-2022-46755: DSA-2022-329: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

**Vaikutus**

Medium

**Tiedot**

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34404

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34404

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVE(s) Addressed**

**Product**

**Affected Version(s)**

**Updated Version(s)**

**Link to Update**

CVE-2022-34404

DSU  
 

Versions prior to 2.0.1.0  
 

2.0.1.0

https://www.dell.com/support/home/drivers/driversdetails?driverid=8d3x6

**CVE(s) Addressed**

**Product**

**Affected Version(s)**

**Updated Version(s)**

**Link to Update**

CVE-2022-34404

DSU  
 

Versions prior to 2.0.1.0  
 

2.0.1.0

https://www.dell.com/support/home/drivers/driversdetails?driverid=8d3x6

**Keinoja ongelman kiertämiseen tai lieventämiseen**

None.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-09-26

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Dell System Update v1.3, Dell System update v1.3.1, Dell System Update v1.1, Dell System Update v1.2, Product Security Information, Dell System update v1.4.0

26 syysk. 2022

CVE-2022-34404: DSA-2022-254: Dell System Update (DSU) Security Update for a Self-Signed Certificate Vulnerability

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34446

PowerPath Management Appliance with versions 3.3 and 3.2\* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (such as, of role Monitoring) may potentially exploit this issue and gain access to sensitive information and modify the configuration.

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34447

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains operating system Command Injection vulnerability. An authenticated remote attacker with administrative privileges may potentially exploit the issue and perform commands on the system as the root user.

7.2

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34448

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains a Cross-site Request Forgery vulnerability. An unauthenticated nonprivileged user may potentially exploit the issue and perform any privileged state-changing actions. 

8.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-34449

PowerPath Management Appliance with versions 3.3 and 3.2\* contains a hard-coded Cryptographic Keys vulnerability. Authenticated admin users may potentially exploit the issue that leads to view and modifying sensitive information that is stored in the application.

6.0

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVE-2022-34450

PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user may potentially exploit this issue and gain unrestricted control/code execution on the system as root.

6.7

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34451

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user may potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.

4.8  
 

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N  
 

CVE-2022-34452

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains sensitive information disclosure vulnerability. An Authenticated admin user may potentially be able to exploit the issue and view sensitive information that is stored in the logs.

2.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

  

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34446

PowerPath Management Appliance with versions 3.3 and 3.2\* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (such as, of role Monitoring) may potentially exploit this issue and gain access to sensitive information and modify the configuration.

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34447

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains operating system Command Injection vulnerability. An authenticated remote attacker with administrative privileges may potentially exploit the issue and perform commands on the system as the root user.

7.2

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34448

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains a Cross-site Request Forgery vulnerability. An unauthenticated nonprivileged user may potentially exploit the issue and perform any privileged state-changing actions. 

8.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-34449

PowerPath Management Appliance with versions 3.3 and 3.2\* contains a hard-coded Cryptographic Keys vulnerability. Authenticated admin users may potentially exploit the issue that leads to view and modifying sensitive information that is stored in the application.

6.0

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVE-2022-34450

PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user may potentially exploit this issue and gain unrestricted control/code execution on the system as root.

6.7

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34451

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user may potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.

4.8  
 

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N  
 

CVE-2022-34452

PowerPath Management Appliance with versions 3.3, 3.2\*, 3.1, and 3.0\* contains sensitive information disclosure vulnerability. An Authenticated admin user may potentially be able to exploit the issue and view sensitive information that is stored in the logs.

2.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

  

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed** 

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2022-34447

PowerPath Management Appliance

3.3, 3.2\*, 3.1 & 3.0\*

3.4

https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers

CVE-2022-34448

CVE-2022-34451

CVE-2022-34452

CVE-2022-34446

PowerPath Management Appliance

3.3 & 3.2\*

3.4

https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers

CVE-2022-34449

CVE-2022-34450

PowerPath Management Appliance

   3.3

  3.4

https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers  
 

**CVEs Addressed** 

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2022-34447

PowerPath Management Appliance

3.3, 3.2\*, 3.1 & 3.0\*

3.4

https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers

CVE-2022-34448

CVE-2022-34451

CVE-2022-34452

CVE-2022-34446

PowerPath Management Appliance

3.3 & 3.2\*

3.4

https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers

CVE-2022-34449

CVE-2022-34450

PowerPath Management Appliance

   3.3

  3.4

https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers  
 

**Versiohistoria**

Revision

Date

Description

1.0

2022-11-15

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

15 marrask. 2022

CVE-2022-34451: DSA-2022-283: PowerPath Management Appliance Security Update for Multiple Security Vulnerabilities

Dell BSAFE SSL-J when used in debug mode can reveal unnecessary information. An attacker could potentially exploit this vulnerability and have access to private information.

**Vaikutus**

Medium

**Tiedot**

Only customers with active BSAFE maintenance contracts can receive details about the vulnerabilities. Public disclosure of the vulnerability details will be shared later.

Only customers with active BSAFE maintenance contracts can receive details about the vulnerabilities. Public disclosure of the vulnerability details will be shared later.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Affected Products:**  
Dell BSAFE SSL-J version 7.0 and all versions before 6.5.

**Remediation:**  
The following releases address this vulnerability:  
Dell BSAFE SSL-J 6.5 and Dell BSAFE SSL-J 7.1

Dell Technologies recommends all customers upgrade at the earliest opportunity.

**Affected Products:**  
Dell BSAFE SSL-J version 7.0 and all versions before 6.5.

**Remediation:**  
The following releases address this vulnerability:  
Dell BSAFE SSL-J 6.5 and Dell BSAFE SSL-J 7.1

Dell Technologies recommends all customers upgrade at the earliest opportunity.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-09-12

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

12 syysk. 2022

CVE-2022-34364: DSA-2022-188: Dell BSAFE SSL-J 6.5 and 7.1 Security Vulnerability

Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs** 

**Description** 

**CVSS Base Score** 

**CVSS Vector String**  

CVE-2022-34384

SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34385

SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-34386

SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-34387

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.

6.4

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34388

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application.

7.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2022-34366

SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2022-34389

Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician.

3.7

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2022-34392

SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information.

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

**Proprietary Code CVEs** 

**Description** 

**CVSS Base Score** 

**CVSS Vector String**  

CVE-2022-34384

SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34385

SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-34386

SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-34387

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.

6.4

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34388

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application.

7.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2022-34366

SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2022-34389

Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician.

3.7

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2022-34392

SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information.

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed**   

**Product** 

**Affected Versions** 

**Updated Versions** 

**Link to Update** 

CVE-2022-34384

Dell SupportAssist for Home PCs 

Version 3.11.2 and earlier  

3.12.3

SupportAssist for Home PCs:  
There are 2 ways in which the customer can get the latest component which has the fix.    
1\. Manual steps: (Recommended)    
a. Launch SupportAssist UI     
b. Go to the About Page of SupportAssist UI    
c. Click on “Check for Latest Updates”  

   2. If Auto-update settings are enabled on the Settings page, then SupportAssist for Home PCs will automatically get upgraded to the latest available version which has the fix.

*   Auto-update setting can be verified by going to Settings Page, Privacy option.

Links:  
SupportAssist for Home PCs   
Release Notes and User Guide

SupportAssist for Business PCs:  
TechDirect Link for Admins  
Release Notes and User Guide

Dell SupportAssist for Business PCs

Version 3.2.0 and earlier  

3.3.0

CVE-2022-34385

Dell SupportAssist for Home PCs 

Version 3.11.4 and earlier  

3.12.3

Dell SupportAssist for Business PCs

Version 3.2.0 and earlier  

3.3.0

CVE-2022-34386

Dell SupportAssist for Home PCs 

Version 3.11.4 and earlier  

3.12.3

Dell SupportAssist for Business PCs

Version 3.2.0 and earlier  

3.3.0

CVE-2022-34387

Dell SupportAssist for Home PCs 

Version 3.11.4 and earlier  

3.12.3

Dell SupportAssist for Business PCs

Version 3.2.0 and earlier  

3.3.0

CVE-2022-34388

Dell SupportAssist for Home PCs 

Version 3.11.4 and earlier  

3.12.3

Dell SupportAssist for Business PCs

Version 3.2.0 and earlier  

3.3.0

CVE-2022-34366

Dell SupportAssist for Home PCs 

Version 3.11.4 and earlier  

3.12.3

CVE-2022-34389

Dell SupportAssist for Home PCs 

Version 3.11.2 and earlier  

3.12.3

Dell SupportAssist for Business PCs

Version 3.2.0 and earlier  

3.3.0

CVE-2022-34392

Dell SupportAssist for Home PCs

Version 3.11.4 and earlier

3.12.3

**CVEs Addressed**   

**Product** 

**Affected Versions** 

**Updated Versions** 

**Link to Update** 

CVE-2022-34384

Dell SupportAssist for Home PCs 

Version 3.11.2 and earlier  

3.12.3

SupportAssist for Home PCs:  
There are 2 ways in which the customer can get the latest component which has the fix.    
1\. Manual steps: (Recommended)    
a. Launch SupportAssist UI     
b. Go to the About Page of SupportAssist UI    
c. Click on “Check for Latest Updates”  

   2. If Auto-update settings are enabled on the Settings page, then SupportAssist for Home PCs will automatically get upgraded to the latest available version which has the fix.

*   Auto-update setting can be verified by going to Settings Page, Privacy option.

Links:  
SupportAssist for Home PCs   
Release Notes and User Guide

SupportAssist for Business PCs:  
TechDirect Link for Admins  
Release Notes and User Guide

Dell SupportAssist for Business PCs

Version 3.2.0 and earlier  

3.3.0

CVE-2022-34385

Dell SupportAssist for Home PCs 

Version 3.11.4 and earlier  

3.12.3

Dell SupportAssist for Business PCs

Version 3.2.0 and earlier  

3.3.0

CVE-2022-34386

Dell SupportAssist for Home PCs 

Version 3.11.4 and earlier  

3.12.3

Dell SupportAssist for Business PCs

Version 3.2.0 and earlier  

3.3.0

CVE-2022-34387

Dell SupportAssist for Home PCs 

Version 3.11.4 and earlier  

3.12.3

Dell SupportAssist for Business PCs

Version 3.2.0 and earlier  

3.3.0

CVE-2022-34388

Dell SupportAssist for Home PCs 

Version 3.11.4 and earlier  

3.12.3

Dell SupportAssist for Business PCs

Version 3.2.0 and earlier  

3.3.0

CVE-2022-34366

Dell SupportAssist for Home PCs 

Version 3.11.4 and earlier  

3.12.3

CVE-2022-34389

Dell SupportAssist for Home PCs 

Version 3.11.2 and earlier  

3.12.3

Dell SupportAssist for Business PCs

Version 3.2.0 and earlier  

3.3.0

CVE-2022-34392

Dell SupportAssist for Home PCs

Version 3.11.4 and earlier

3.12.3

**Keinoja ongelman kiertämiseen tai lieventämiseen**

None.

**Kiitokset**

Dell would like to thank Gad Abuhatzeira from SOPHTIX Security and Nave ben Naim for reporting CVE-2022-34389.  
 

**Versiohistoria**

 **Revision** 

 **Date** 

 **Description** 

 1.0 

 2022-10-11

 Initial Release

 2.0

 2022-10-12 

 Update to “Affected Products and Remediation” 

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

SupportAssist, SupportAssist for Home PCs, Product Security Information, SupportAssist for Business PCs

12 lokak. 2022

Tag

#dell