CVE-2022-34381Reliance on Component That is Not Updateable in Dell Bsafe Crypto-j

CWE-1329Reliance on Component That is Not Updateable7 documents4 sources
Severity
9.8CRITICALNVD
CNA9.1
EPSS
0.6%
top 29.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Dell Bsafe Crypto-jDell Bsafe Ssl-jDell Bsafe Crypto-j+1 more
Timeline
PublishedFeb 2
Latest updateApr 15

Description

Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDdell/bsafe_crypto-j< 6.2.6.1
CVEListV5dell/dell_bsafe_crypto-j< 6.2.6.1
NVDdell/bsafe_ssl-j< 6.5+1
CVEListV5dell/dell_bsafe_ssl-j< 6.5+1

🔴Vulnerability Details

2
CVEList
CVE-2022-34381: Dell BSAFE SSL-J version 72024-02-02
GHSA
GHSA-fp29-pg6r-vvr7: Dell BSAFE SSL-J version 72024-02-02

📋Vendor Advisories

4
Oracle
Oracle Oracle Retail Applications Risk Matrix: Core (BSAFE Crypto-J) — CVE-2022-343812025-04-15
Oracle
Oracle Oracle Enterprise Manager Risk Matrix: Agent Next Gen (BSAFE Crypto-J) — CVE-2022-343812024-10-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: Platform (BSAFE Crypto-J) — CVE-2022-343812024-07-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: Platform (BSAFE Crypto-J) — CVE-2022-343812024-04-15
CVE-2022-34381 — Dell Bsafe Crypto-j vulnerability | cvebase