{"vulnerability": "CVE-2022-3443", "sightings": [{"uuid": "51b41ae7-3a5f-4076-b73d-29d3270f3d41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34436", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10304", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34436\n\ud83d\udd25 CVSS Score: 2.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: \nDell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-01-18T11:15:59.232Z\n\ud83d\udccf Modified: 2025-04-03T18:07:19.547Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000205346/dsa-2022-265-dell-idrac8-and-dell-idrac9-security-update-for-a-racadm-vulnerability", "creation_timestamp": "2025-04-03T18:35:34.000000Z"}, {"uuid": "77a6368f-ee3d-4191-b490-592e580466c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34437", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15344", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34437\n\ud83d\udd25 CVSS Score: 6.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.\n\ud83d\udccf Published: 2022-10-21T18:05:27.258Z\n\ud83d\udccf Modified: 2025-05-07T15:53:19.722Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000204053/dsa-2022-245-dell-emc-powerscale-onefs-security-update-for-multiple-security-updates", "creation_timestamp": "2025-05-07T16:23:22.000000Z"}, {"uuid": "28f2aeb9-4f9f-48b8-a3e5-1c6f97728e8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34437", "type": "seen", "source": "https://t.me/cibsecurity/51950", "content": "\u203c CVE-2022-34437 \u203c\n\nDell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-23T15:47:40.000000Z"}, {"uuid": "07117cbe-6539-4b76-8987-f26e4eacd8b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34432", "type": "seen", "source": "https://t.me/cibsecurity/51132", "content": "\u203c CVE-2022-34432 \u203c\n\nDell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T20:26:07.000000Z"}, {"uuid": "f0e08d3d-c414-4d47-9d4a-e1d1790a5716", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34430", "type": "seen", "source": "https://t.me/cibsecurity/51130", "content": "\u203c CVE-2022-34430 \u203c\n\nDell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T20:26:04.000000Z"}, {"uuid": "0b0aacac-d3ed-4cb0-ab92-94f027990a58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34434", "type": "seen", "source": "https://t.me/cibsecurity/51128", "content": "\u203c CVE-2022-34434 \u203c\n\nCloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T20:26:00.000000Z"}, {"uuid": "fc8fd7d3-6bd6-4978-84b2-ebced6c89807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34431", "type": "seen", "source": "https://t.me/cibsecurity/51126", "content": "\u203c CVE-2022-34431 \u203c\n\nDell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T20:25:58.000000Z"}, {"uuid": "a4ac41ad-9105-43dd-a724-c337e2221b4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34439", "type": "seen", "source": "https://t.me/cibsecurity/51948", "content": "\u203c CVE-2022-34439 \u203c\n\nDell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-21T22:22:48.000000Z"}, {"uuid": "0304e534-8dea-42d6-8c44-a6659181d61e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34438", "type": "seen", "source": "https://t.me/cibsecurity/51953", "content": "\u203c CVE-2022-34438 \u203c\n\nDell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-21T22:22:54.000000Z"}]}