DSA-2021-262: Dell EMC Data Protection Central Security Update for Multiple Security Vulnerabilities

Résumé: Dell EMC Data Protection Central and Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Impact

High

Détails

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-43588 Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-36349 Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 
Third-party Component CVEs More information
ntp CVE-2016-9310 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Apache CXF CVE-2021-30468
CVE-2021-22696
CVE-2020-13954
OpenSSL CVE-2021-3712
Apache HttpClient CVE-2014-3577
CVE-2012-5783
CVE-2020-13956
CVE-2015-5262
CVE-2012-6153
Spring Framework CVE-2021-22118
Cron-utils CVE-2020-26238
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-43588 Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-36349 Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 
Third-party Component CVEs More information
ntp CVE-2016-9310 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Apache CXF CVE-2021-30468
CVE-2021-22696
CVE-2020-13954
OpenSSL CVE-2021-3712
Apache HttpClient CVE-2014-3577
CVE-2012-5783
CVE-2020-13956
CVE-2015-5262
CVE-2012-6153
Spring Framework CVE-2021-22118
Cron-utils CVE-2020-26238
Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

Product Affected Versions Updated Versions Link to Update
Dell EMC Data Protection Central Versions before 19.6 19.6 Link
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series)
 		 Versions before 2.7.2 2.7.2  
Product Affected Versions Updated Versions Link to Update
Dell EMC Data Protection Central Versions before 19.6 19.6 Link
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series)
 		 Versions before 2.7.2 2.7.2  

Historique des révisions

RevisionDateDescription
1.02021/01/10Initial Release
1.12021/01/21Corrected CVE Identifier
1.22022-03-02Added Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) as affected product

Informations connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Mention légale

Produits concernés

Data Protection Central, PowerProtect DP4400, Data Protection Central, PowerProtect DP5300, PowerProtect DP5800, PowerProtect DP8300, PowerProtect DP8800, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family , PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, PowerProtect DD6400, PowerProtect DP5900, PowerProtect DP8400, PowerProtect DP8900, Product Security Information ...
Propriétés de l’article
Numéro d’article: 000195103
Type d’article: Dell Security Advisory
Dernière modification: 02 mars 2022
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.