CVE-2022-34442

CVSS V2 None CVSS V3 None

Description

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges.

Overview

CVE ID
CVE-2022-34442

Assigner
security_alert@emc.com

Vulnerability Status
Analyzed

Published Version
2023-01-18T07:15:09

Last Modified Date
2023-01-25T19:34:09

Weakness Enumerations

CWE	URL
CWE-798	http://cwe.mitre.org/data/definitions/798.html
CWE-321	http://cwe.mitre.org/data/definitions/321.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:dell:emc_secure_connect_gateway_policy_manager::::::::	1	OR	5.10.00.00	5.14.00.00

References

Reference URL	Reference Tags
https://www.dell.com/support/kbdoc/en-us/000204995/dsa-2022-273-dell-secure-connect-gateway-policy-manager-security-update-for-multiple-proprietary-code-vulnerabilities

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-34442
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34442

History

Created	Old Value	New Value	Data Type	Notes
2023-01-18 08:13:59				Added to TrackCVE
2023-01-18 08:13:59			Weakness Enumeration	new
2023-01-18 14:15:43		2023-01-18T13:54:48	CVE Modified Date	updated
2023-01-18 14:15:43	Received	Awaiting Analysis	Vulnerability Status	updated
2023-01-25 14:13:21	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-01-25 20:13:46		2023-01-25T19:34:09	CVE Modified Date	updated
2023-01-25 20:13:46	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-01-25 20:13:50			Weakness Enumeration	update
2023-01-25 20:13:52			CPE Information	updated