DSA-2021-125: Dell EMC NetWorker Security Update for Multiple Vulnerabilities

Sommaire: Dell EMC NetWorker remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Cet article s’applique à Cet article ne s’applique pas à Cet article n’est lié à aucun produit spécifique. Toutes les versions de produits ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Impact

Medium

Détails

 
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21600 Dell NetWorker 19.4 or earlier contains an uncontrolled resource consumption flaw in its API service. An authorized API user may potentially exploit this vulnerability using the web and desktop user interfaces, leading to denial of service in the manageability path. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
 
Third-Party Component CVEs More Information
OpenSSL CVE-2020-1971 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Apache Tomcat CVE-2020-1935
CVE-2021-24122

 
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21600 Dell NetWorker 19.4 or earlier contains an uncontrolled resource consumption flaw in its API service. An authorized API user may potentially exploit this vulnerability using the web and desktop user interfaces, leading to denial of service in the manageability path. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
 
Third-Party Component CVEs More Information
OpenSSL CVE-2020-1971 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Apache Tomcat CVE-2020-1935
CVE-2021-24122

Dell Technologies recommande à tous ses clients de tenir compte à la fois du score de base CVSS et de tous les scores temporels et environnementaux pertinents qui pourraient avoir une incidence sur la gravité potentielle associée à une vulnérabilité de sécurité particulière.

Produits touchés et correction

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2021-21600 Dell EMC NetWorker 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x prior to 19.4.0.4.
  • 19.4.0.4
  • 19.5.0 and later.
 https://www.dell.com/support/home/en-in/product-support/product/networker/drivers
CVE-2020-1971 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x.  19.5.0 and later.
CVE-2020-1935
CVE-2021-24122
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2021-21600 Dell EMC NetWorker 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x prior to 19.4.0.4.
  • 19.4.0.4
  • 19.5.0 and later.
 https://www.dell.com/support/home/en-in/product-support/product/networker/drivers
CVE-2020-1971 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x.  19.5.0 and later.
CVE-2020-1935
CVE-2021-24122

Historique de révision

RevisionDateDescription
1.02021-07-20Initial Release
1.12021-09-02Updated "Affected Products and Remediation" Section

Reconnaissances

CVE-2021-21600: Dell Technologies would like to thank J-M Roth for reporting this issue.

Renseignements connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Avis de non-responsabilité

Produits touchés

NetWorker, Product Security Information
Propriétés de l’article
Numéro d’article: 000189694
Type d’article: Dell Security Advisory
Dernière modification: 02 sept. 2021
Obtenez des réponses à vos questions auprès d’autre utilisateurs de Dell
Services de soutien
Vérifiez si votre appareil est couvert par les services de soutien.