CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38482
https://notcve.org/view.php?id=CVE-2024-38482
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database. CloudLink, versiones 7.1.x y 8.x, contienen una vulnerabilidad de verificación o manejo incorrecto de las condiciones excepcionales en el componente del clúster. Un usuario malintencionado con privilegios elevados y acceso remoto podría explotar esta vulnerabilidad, lo que llevaría a ejecutar acciones no autorizadas y recuperar información confidencial de la base de datos. • https://www.dell.com/support/kbdoc/en-us/000227493/dsa-2024-343-security-update-for-dell-cloudlink-vulnerability • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37137
https://notcve.org/view.php?id=CVE-2024-37137
Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure. • https://www.dell.com/support/kbdoc/en-us/000226476/dsa-2024-294-security-update-for-dell-cloudlink-vulnerability • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28076
https://notcve.org/view.php?id=CVE-2023-28076
CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure. • https://www.dell.com/support/kbdoc/en-us/000212095/dsa-2023-121-dell-cloudlink-security-update-for-aes-gcm-ciphers-vulnerability • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34380
https://notcve.org/view.php?id=CVE-2022-34380
Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system. Dell CloudLink versiones 7.1.3 y todas las versiones anteriores contienen una vulnerabilidad de omisión de la autenticación mediante una ruta o canal alternativo. Un atacante local con altos privilegios puede explotar potencialmente esta vulnerabilidad conllevando a una omisión de la autenticación y el acceso a la consola del sistema CloudLink. • https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34379
https://notcve.org/view.php?id=CVE-2022-34379
Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system. Dell EMC CloudLink versiones 7.1.2 y todas las versiones anteriores contienen una vulnerabilidad de omisión de autenticación. Un atacante remoto, con el conocimiento de los nombres de usuario del directorio activo, podría explotar esta vulnerabilidad para conseguir acceso no autorizado al sistema • https://www.dell.com/support/kbdoc/en-us/000202057/dsa-2022-207-dell-emc-cloudlink-security-update-for-an-ad-users-login-without-password-vulnerability • CWE-287: Improper Authentication •