Dell BSAFE SSL-J/Crypto-J CVE-2022-34381 Unmaintained 3rdParty Component (7.0, 6.2.6.1)
CVE-2022-34381 Published on February 2, 2024
Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.
Vulnerability Analysis
CVE-2022-34381 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Reliance on Component That is Not Updateable
The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs.
Products Associated with CVE-2022-34381
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-34381 are published in these products:
Affected Versions
Dell BSAFE Crypto-J:- Before 6.2.6.1 is affected.
- Version 7.0 is affected.
- Before 6.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.