DSA-2021-262: Dell EMC Data Protection Central Security Update for Multiple Security Vulnerabilities

Resumen: Dell EMC Data Protection Central and Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.
Consulte estos recursos

Impacto

High

Detalles

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-43588 Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-36349 Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 
Third-party Component CVEs More information
ntp CVE-2016-9310 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Apache CXF CVE-2021-30468
CVE-2021-22696
CVE-2020-13954
OpenSSL CVE-2021-3712
Apache HttpClient CVE-2014-3577
CVE-2012-5783
CVE-2020-13956
CVE-2015-5262
CVE-2012-6153
Spring Framework CVE-2021-22118
Cron-utils CVE-2020-26238
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-43588 Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-36349 Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 
Third-party Component CVEs More information
ntp CVE-2016-9310 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Apache CXF CVE-2021-30468
CVE-2021-22696
CVE-2020-13954
OpenSSL CVE-2021-3712
Apache HttpClient CVE-2014-3577
CVE-2012-5783
CVE-2020-13956
CVE-2015-5262
CVE-2012-6153
Spring Framework CVE-2021-22118
Cron-utils CVE-2020-26238
Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

Product Affected Versions Updated Versions Link to Update
Dell EMC Data Protection Central Versions before 19.6 19.6 Link
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series)
 		 Versions before 2.7.2 2.7.2  
Product Affected Versions Updated Versions Link to Update
Dell EMC Data Protection Central Versions before 19.6 19.6 Link
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series)
 		 Versions before 2.7.2 2.7.2  

Historial de revisiones

RevisionDateDescription
1.02021/01/10Initial Release
1.12021/01/21Corrected CVE Identifier
1.22022-03-02Added Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) as affected product

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Descargo de responsabilidad

Productos afectados

Data Protection Central, PowerProtect DP4400, Data Protection Central, PowerProtect DP5300, PowerProtect DP5800, PowerProtect DP8300, PowerProtect DP8800, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family , PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, PowerProtect DD6400, PowerProtect DP5900, PowerProtect DP8400, PowerProtect DP8900, Product Security Information ...
Propiedades del artículo
Número del artículo: 000195103
Tipo de artículo: Dell Security Advisory
Última modificación: 02 mar 2022
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.