DSA-2021-125: Dell EMC NetWorker Security Update for Multiple Vulnerabilities
Summary: Dell EMC NetWorker remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Αυτό το άρθρο ισχύει για
Αυτό το άρθρο δεν ισχύει για
Αυτό το άρθρο δεν συνδέεται με κάποιο συγκεκριμένο προϊόν.
Δεν προσδιορίζονται όλες οι εκδόσεις προϊόντων σε αυτό το άρθρο.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21600 | Dell NetWorker 19.4 or earlier contains an uncontrolled resource consumption flaw in its API service. An authorized API user may potentially exploit this vulnerability using the web and desktop user interfaces, leading to denial of service in the manageability path. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Third-Party Component | CVEs | More Information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Apache Tomcat | CVE-2020-1935 | |
| CVE-2021-24122 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21600 | Dell NetWorker 19.4 or earlier contains an uncontrolled resource consumption flaw in its API service. An authorized API user may potentially exploit this vulnerability using the web and desktop user interfaces, leading to denial of service in the manageability path. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Third-Party Component | CVEs | More Information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Apache Tomcat | CVE-2020-1935 | |
| CVE-2021-24122 |
Επηρεαζόμενα προϊόντα και αποκατάσταση
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-21600 | Dell EMC NetWorker | 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x prior to 19.4.0.4. |
|
https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| CVE-2020-1971 | 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x. | 19.5.0 and later. | ||
| CVE-2020-1935 | ||||
| CVE-2021-24122 |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-21600 | Dell EMC NetWorker | 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x prior to 19.4.0.4. |
|
https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| CVE-2020-1971 | 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x. | 19.5.0 and later. | ||
| CVE-2020-1935 | ||||
| CVE-2021-24122 |
Revision History
| Revision | Date | Description |
| 1.0 | 2021-07-20 | Initial Release |
| 1.1 | 2021-09-02 | Updated "Affected Products and Remediation" Section |
Acknowledgements
CVE-2021-21600: Dell Technologies would like to thank J-M Roth for reporting this issue.
Related Information
Νομική αποποίηση ευθύνης
Επηρεαζόμενα προϊόντα
NetWorker, Product Security InformationΙδιότητες άρθρου
Article Number: 000189694
Article Type: Dell Security Advisory
Τελευταία τροποποίηση: 02 Σεπ 2021
Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell
Υπηρεσίες υποστήριξης
Ελέγξτε αν η συσκευή σας καλύπτεται από τις Υπηρεσίες υποστήριξης.