DSA-2021-125: Dell EMC NetWorker Security Update for Multiple Vulnerabilities
Sommaire: Dell EMC NetWorker remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Cet article s’applique à
Cet article ne s’applique pas à
Cet article n’est lié à aucun produit spécifique.
Toutes les versions de produits ne sont pas identifiées dans cet article.
Impact
Medium
Détails
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21600 | Dell NetWorker 19.4 or earlier contains an uncontrolled resource consumption flaw in its API service. An authorized API user may potentially exploit this vulnerability using the web and desktop user interfaces, leading to denial of service in the manageability path. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Third-Party Component | CVEs | More Information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Apache Tomcat | CVE-2020-1935 | |
| CVE-2021-24122 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21600 | Dell NetWorker 19.4 or earlier contains an uncontrolled resource consumption flaw in its API service. An authorized API user may potentially exploit this vulnerability using the web and desktop user interfaces, leading to denial of service in the manageability path. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Third-Party Component | CVEs | More Information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Apache Tomcat | CVE-2020-1935 | |
| CVE-2021-24122 |
Produits touchés et correction
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-21600 | Dell EMC NetWorker | 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x prior to 19.4.0.4. |
|
https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| CVE-2020-1971 | 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x. | 19.5.0 and later. | ||
| CVE-2020-1935 | ||||
| CVE-2021-24122 |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-21600 | Dell EMC NetWorker | 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x prior to 19.4.0.4. |
|
https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| CVE-2020-1971 | 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x. | 19.5.0 and later. | ||
| CVE-2020-1935 | ||||
| CVE-2021-24122 |
Historique de révision
| Revision | Date | Description |
| 1.0 | 2021-07-20 | Initial Release |
| 1.1 | 2021-09-02 | Updated "Affected Products and Remediation" Section |
Reconnaissances
CVE-2021-21600: Dell Technologies would like to thank J-M Roth for reporting this issue.
Renseignements connexes
Avis de non-responsabilité
Produits touchés
NetWorker, Product Security InformationPropriétés de l’article
Numéro d’article: 000189694
Type d’article: Dell Security Advisory
Dernière modification: 02 sept. 2021
Obtenez des réponses à vos questions auprès d’autre utilisateurs de Dell
Services de soutien
Vérifiez si votre appareil est couvert par les services de soutien.