CVE-2022-34381

2024-02-0215:30:23

CWE-1329

dell

www.cve.org

dell

bsafe

ssl-j

crypto-j

vulnerability

third-party component

unauthenticated remote attacker

compromise

upgrade

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.5%

JSON

Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell BSAFE Crypto-J",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "6.2.6.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Dell BSAFE SSL-J",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "7.0"
      },
      {
        "lessThan": "6.5",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]