Details of VAR-202210-1099

ID

VAR-202210-1099

CVE

CVE-2022-34434

TITLE

Dell's Cloud Mobility for Dell EMC Storage Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018704

DESCRIPTION

Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. Dell's Cloud Mobility for Dell EMC Storage Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-34434 // JVNDB: JVNDB-2022-018704 // VULHUB: VHN-426750

AFFECTED PRODUCTS

vendor:	dell	model:	cloud mobility for dell emc storage	scope:	lt	version:	1.3.1	Trust: 1.0
vendor:	デル	model:	cloud mobility for dell emc storage	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	cloud mobility for dell emc storage	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	cloud mobility for dell emc storage	scope:	eq	version:	1.3.1	Trust: 0.8

sources: JVNDB: JVNDB-2022-018704 // NVD: CVE-2022-34434

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34434
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2022-34434
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-34434
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202210-527
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-34434
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-34434
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018704 // CNNVD: CNNVD-202210-527 // NVD: CVE-2022-34434 // NVD: CVE-2022-34434

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-426750 // JVNDB: JVNDB-2022-018704 // NVD: CVE-2022-34434

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-527

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-527

PATCH

title:

Cloud Mobility for Dell EMC Storage Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=210804

Trust: 0.6

sources: CNNVD: CNNVD-202210-527

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34434	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-018704	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-527	Trust: 0.6
db:	VULHUB	id:	VHN-426750	Trust: 0.1

sources: VULHUB: VHN-426750 // JVNDB: JVNDB-2022-018704 // CNNVD: CNNVD-202210-527 // NVD: CVE-2022-34434

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-vc/000203434/dsa-2022-264-cloud-mobility-for-dell-storage-security-update-for-an-insecure-database-vulnerability	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34434	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34434/	Trust: 0.6

sources: VULHUB: VHN-426750 // JVNDB: JVNDB-2022-018704 // CNNVD: CNNVD-202210-527 // NVD: CVE-2022-34434

SOURCES

db:	VULHUB	id:	VHN-426750
db:	JVNDB	id:	JVNDB-2022-018704
db:	CNNVD	id:	CNNVD-202210-527
db:	NVD	id:	CVE-2022-34434

LAST UPDATE DATE

2024-08-14T14:30:57.103000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426750	date:	2022-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-018704	date:	2023-10-23T02:27:00
db:	CNNVD	id:	CNNVD-202210-527	date:	2023-06-30T00:00:00
db:	NVD	id:	CVE-2022-34434	date:	2023-06-29T15:48:50.800

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426750	date:	2022-10-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-018704	date:	2023-10-23T00:00:00
db:	CNNVD	id:	CNNVD-202210-527	date:	2022-10-11T00:00:00
db:	NVD	id:	CVE-2022-34434	date:	2022-10-11T17:15:11.430