CVE-2022-34434

EPSS 0.05%
Published 11.10.2022 17:15:11
Last modified 21.11.2024 07:09:33
Source security_alert@emc.com
Teams watchlist Login
Open Login

Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Cloud Mobility For Dell Emc Storage Version < 1.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.164

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security_alert@emc.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://www.dell.com/support/kbdoc/en-vc/000203434/dsa-2022-264-cloud-mobility-for-dell-storage-security-update-for-an-insecure-database-vulnerability

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-34434

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-34434

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-34434

EUVD