DSA-2021-262: Dell EMC Data Protection Central Security Update for Multiple Security Vulnerabilities
Сводка: Dell EMC Data Protection Central and Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Влияние
High
Подробные сведения
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-43588 | Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| CVE-2021-36349 | Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Third-party Component | CVEs | More information |
| ntp | CVE-2016-9310 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Apache CXF | CVE-2021-30468 | |
| CVE-2021-22696 | ||
| CVE-2020-13954 | ||
| OpenSSL | CVE-2021-3712 | |
| Apache HttpClient | CVE-2014-3577 | |
| CVE-2012-5783 | ||
| CVE-2020-13956 | ||
| CVE-2015-5262 | ||
| CVE-2012-6153 | ||
| Spring Framework | CVE-2021-22118 | |
| Cron-utils | CVE-2020-26238 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-43588 | Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| CVE-2021-36349 | Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Third-party Component | CVEs | More information |
| ntp | CVE-2016-9310 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Apache CXF | CVE-2021-30468 | |
| CVE-2021-22696 | ||
| CVE-2020-13954 | ||
| OpenSSL | CVE-2021-3712 | |
| Apache HttpClient | CVE-2014-3577 | |
| CVE-2012-5783 | ||
| CVE-2020-13956 | ||
| CVE-2015-5262 | ||
| CVE-2012-6153 | ||
| Spring Framework | CVE-2021-22118 | |
| Cron-utils | CVE-2020-26238 |
Затронутые продукты и исправление
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell EMC Data Protection Central | Versions before 19.6 | 19.6 | Link |
| Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) |
Versions before 2.7.2 | 2.7.2 |
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell EMC Data Protection Central | Versions before 19.6 | 19.6 | Link |
| Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) |
Versions before 2.7.2 | 2.7.2 |
История изменений
| Revision | Date | Description |
| 1.0 | 2021/01/10 | Initial Release |
| 1.1 | 2021/01/21 | Corrected CVE Identifier |
| 1.2 | 2022-03-02 | Added Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) as affected product |
Связанная информация
Правовая оговорка
Затронутые продукты
Data Protection Central, PowerProtect DP4400, Data Protection Central, PowerProtect DP5300, PowerProtect DP5800, PowerProtect DP8300, PowerProtect DP8800, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family
, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, PowerProtect DD6400, PowerProtect DP5900, PowerProtect DP8400, PowerProtect DP8900, Product Security Information
...
Свойства статьи
Номер статьи: 000195103
Тип статьи: Dell Security Advisory
Последнее изменение: 02 Mar 2022
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.