Lucene search

[email protected]CVE-2022-34364

HistoryFeb 10, 2023 - 8:15 p.m.

CVE-2022-34364

2023-02-1020:15:52

CWE-1295

CWE-668

[email protected]

web.nvd.nist.gov

cve-2022-34364

dell

bsafe

ssl-j

vulnerability

debug mode

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.

Affected configurations

NVD

Node

dellbsafe_ssl-jRange<6.5

dellbsafe_ssl-jMatch7.0

CPENameOperatorVersion
dell:bsafe_ssl-jdell bsafe ssl-jlt6.5
dell:bsafe_ssl-jdell bsafe ssl-jeq7.0

CPE	Name	Operator	Version
dell:bsafe_ssl-j	dell bsafe ssl-j	lt	6.5
dell:bsafe_ssl-j	dell bsafe ssl-j	eq	7.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BSAFE SSL-J",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "6.5",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "7.0"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2022-34364

prion1 cvelist1 nvd1 oracle1