Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-22229

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.

Published

2024-01-24T17:15:08.410

Last Modified

2024-11-21T08:55:50.810

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.1 (LOW)

Weaknesses

Type: Secondary
CWE-117
Type: Primary
CWE-116

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dell	unity_operating_environment	5.3.0.0.5.120	Yes
Application	dell	unity_xt_operating_environment	5.3.0.0.5.120	Yes
Application	dell	unityvsa_operating_environment	5.3.0.0.5.120	Yes

References

https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)