CVE-2022-34381

Description

Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.

CVSS v3.1 Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Weakness Type (CWE)

CWE-1329 CWE-1329

Affected Products

Vendor	Product	Versions
dell	bsafe_ssl-j	< 6.5
dell	bsafe_ssl-j	All
dell	bsafe_crypto-j	< 6.2.6.1

References

Advisories & Patches

https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability

Frequently Asked Questions

What is CVE-2022-34381? +

Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity. It has a CVSS v3.1 base score of 9.1 (CRITICAL).

How severe is CVE-2022-34381? +

CVE-2022-34381 has a CVSS v3.1 score of 9.1 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.

What products are affected by CVE-2022-34381? +

CVE-2022-34381 affects products from dell, specifically: bsafe_crypto-j, bsafe_ssl-j. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2022-34381? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-41097 6.7

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security …

CVE-2024-37143 10.0

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for …

CVE-2026-40636 9.8

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. …

CVE-2025-36594 9.8

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release …

CVE-2025-43995 9.8

Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access …

CVE-2023-32462 9.8

Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A …