DSA-2021-147: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection Security Update for Multiple Vulnerabilities
Résumé: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
High
Détails
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21601 | Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | 8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Grub2 | CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 |
|
| SuSE | CVE-2020-28374 CVE-2020-36158 CVE-2020-27825 CVE-2020-0466 CVE-2020-27068 CVE-2020-0465 CVE-2020-0444 CVE-2020-29660 CVE-2020-29661 CVE-2020-27777 CVE-2019-20934 CVE-2020-27786 CVE-2020-4788 CVE-2018-20669 |
|
| Oracle JRE | CVE-2020-14803 CVE-2020-14792 CVE-2020-14781 CVE-2020-14782 CVE-2020-14797 CVE-2020-14779 CVE-2020-14796 CVE-2020-14798 CVE-2020-14803 CVE-2021-2161 CVE-2021-2163 |
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21601 | Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | 8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Grub2 | CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 |
|
| SuSE | CVE-2020-28374 CVE-2020-36158 CVE-2020-27825 CVE-2020-0466 CVE-2020-27068 CVE-2020-0465 CVE-2020-0444 CVE-2020-29660 CVE-2020-29661 CVE-2020-27777 CVE-2019-20934 CVE-2020-27786 CVE-2020-4788 CVE-2018-20669 |
|
| Oracle JRE | CVE-2020-14803 CVE-2020-14792 CVE-2020-14781 CVE-2020-14782 CVE-2020-14797 CVE-2020-14779 CVE-2020-14796 CVE-2020-14798 CVE-2020-14803 CVE-2021-2161 CVE-2021-2163 |
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA |
Produits concernés et mesure corrective
| Product | Affected Versions | Updated Versions | Link to Update | ||
| Dell EMC Data Protection Search | Versions before 19.5 | 19.5 | https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip |
||
| Dell EMC Integrated Data Protection Appliance | Versions before 2.7 | 2.7 |
Expected release date August 2021. | ||
| Product | Affected Versions | Updated Versions | Link to Update | ||
| Dell EMC Data Protection Search | Versions before 19.5 | 19.5 | https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip |
||
| Dell EMC Integrated Data Protection Appliance | Versions before 2.7 | 2.7 |
Expected release date August 2021. | ||
Solutions de contournement et mesures d’atténuation
None.
Historique des révisions
| Revision | Date | Description |
| 1.0 | 2021-07-22 | Initial Release |
| 1.1 | 2021-11-03 | Updated Product Tagging |
Informations connexes
Mention légale
Produits concernés
Data Protection Search, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security InformationPropriétés de l’article
Numéro d’article: 000189555
Type d’article: Dell Security Advisory
Dernière modification: 04 Nov 2021
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.