DSA-2021-147: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection Security Update for Multiple Vulnerabilities

Summary: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Details

 
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021-21601 Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
 
Third-party Component  CVEs More information
OpenSSL CVE-2020-1971 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Grub2 CVE-2020-14372
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233
SuSE CVE-2020-28374
CVE-2020-36158
CVE-2020-27825
CVE-2020-0466
CVE-2020-27068
CVE-2020-0465
CVE-2020-0444
CVE-2020-29660
CVE-2020-29661
CVE-2020-27777
CVE-2019-20934
CVE-2020-27786
CVE-2020-4788
CVE-2018-20669
Oracle JRE CVE-2020-14803
CVE-2020-14792
CVE-2020-14781
CVE-2020-14782
CVE-2020-14797
CVE-2020-14779
CVE-2020-14796
CVE-2020-14798
CVE-2020-14803
CVE-2021-2161
CVE-2021-2163		 https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA

https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA

https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA

 
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021-21601 Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
 
Third-party Component  CVEs More information
OpenSSL CVE-2020-1971 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Grub2 CVE-2020-14372
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233
SuSE CVE-2020-28374
CVE-2020-36158
CVE-2020-27825
CVE-2020-0466
CVE-2020-27068
CVE-2020-0465
CVE-2020-0444
CVE-2020-29660
CVE-2020-29661
CVE-2020-27777
CVE-2019-20934
CVE-2020-27786
CVE-2020-4788
CVE-2018-20669
Oracle JRE CVE-2020-14803
CVE-2020-14792
CVE-2020-14781
CVE-2020-14782
CVE-2020-14797
CVE-2020-14779
CVE-2020-14796
CVE-2020-14798
CVE-2020-14803
CVE-2021-2161
CVE-2021-2163		 https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA

https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA

https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Updated Versions Link to Update
Dell EMC Data Protection Search Versions before 19.5 19.5 https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip
 
Dell EMC Integrated Data Protection Appliance Versions before 2.7

2.7		 Expected release date August 2021.  
Product Affected Versions Updated Versions Link to Update
Dell EMC Data Protection Search Versions before 19.5 19.5 https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip
 
Dell EMC Integrated Data Protection Appliance Versions before 2.7

2.7		 Expected release date August 2021.  

Workarounds & Mitigations

None.

Revision History

RevisionDateDescription
1.02021-07-22Initial Release
1.12021-11-03Updated Product Tagging

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Data Protection Search, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security Information
Article Properties
Article Number: 000189555
Article Type: Dell Security Advisory
Last Modified: 04 Nov 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.