Skip to main content

Security Bulletins

The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette VerteX airgap solution and third-party component vulnerabilities, which we have become aware of. These vulnerabilities are discovered via our Bug Bounty program, our security monitoring program, or reported to us by our supply chain.

info

The CVSS Severity is provided by either the third-party service provider, or NIST CVE. We do not provide the criticality score for third-party components. Previous security bulletins are available in the Security Bulletins Archive.

To fix all the vulnerabilities impacting your products, we recommends patching your instances to the latest version regarding any third-party components. For vulnerabilities originating in our products, we will provide mitigations and workarounds where applicable.

Click on the CVE ID to view the full details of the vulnerability.

CVE IDInitial Pub DateModified DateImpacted Product & VersionVulnerability TypeCVSS SeverityStatus
CVE-2023-5242502/04/202406/14/2024Palette 4.4.8Third-party component: vSphere-CSI7.5🔍 Ongoing
CVE-2024-216261/3/242/18/24Palette 4.4.8Third-party component: kube-proxy8.6🔍 Ongoing
CVE-2022-417232/28/2311/25/23Palette 4.4.8Third-party component: CoreDNS7.5🔍 Ongoing
GHSA-m425-mq94-257g10/25/2310/25/23Palette 4.4.8Third-party component: CoreDNS7.5🔍 Ongoing
CVE-2022-44502/8/232/4/24Palette 4.4.8Third-party component: OpenSSL7.5🔍 Ongoing
CVE-2023-4514210/12/232/18/24Palette 4.4.8Third-party component: OpenTelemetry-Go7.5🔍 Ongoing
CVE-2023-04643/22/236/21/24Palette 4.4.8Third-party component: OpenSSL7.5🔍 Ongoing
CVE-2023-3932510/11/234/28/24Palette 4.4.8Third-party component: Go project7.5🔍 Ongoing
CVE-2023-02152/28/236/21/24Palette 4.4.8Third-party component: OpenSSL7.5🔍 Ongoing
CVE-2023-4710811/20/2311/20/23Palette 4.4.8Third-party component: OpenTelemetry-Go7.5🔍 Ongoing
CVE-2023-02862/8/232/4/24Palette 4.4.8Third-party component: OpenSSL7.4🔍 Ongoing
CVE-2020-197112/8/206/21/24Palette 4.4.8Third-party component: Ubuntu5.9🔍 Ongoing
CVE-2021-34493/25/216/21/24Palette 4.4.8Third-party component: Ubuntu5.9🔍 Ongoing
CVE-2021-37118/24/126/21/24Palette 4.4.8Third-party component: Ubuntu9.8🔍 Ongoing
CVE-2022-07783/15/226/21/24Palette 4.4.8Third-party component: Ubuntu7.5🔍 Ongoing
CVE-2021-450791/31/2211/6/23Palette 4.4.8Third-party component: Ubuntu9.1🔍 Ongoing
CVE-2023-552811/14/231/19/24Palette 4.4.8Third-party component: vSphere-CSI8.8🔍 Ongoing
CVE-2023-4448710/10/236/27/24Palette 4.4.8Third-party component: CAPI7.5🔍 Ongoing
CVE-2022-258836/21/2311/6/24Palette 4.4.8Third-party component: CAPI7.5🔍 Ongoing
CVE-2015-88551/23/171/26/12Palette 4.4.8Third-party component: CAPI7.5🔍 Ongoing
PRISMA-2022-02279/12/239/12/23Palette 4.4.8Third-party component: vSphere-CSIN/A🔍 Ongoing