DSA-2021-262: Dell EMC Data Protection Central Security Update for Multiple Security Vulnerabilities
Résumé: Dell EMC Data Protection Central and Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
High
Détails
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-43588 | Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| CVE-2021-36349 | Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Third-party Component | CVEs | More information |
| ntp | CVE-2016-9310 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Apache CXF | CVE-2021-30468 | |
| CVE-2021-22696 | ||
| CVE-2020-13954 | ||
| OpenSSL | CVE-2021-3712 | |
| Apache HttpClient | CVE-2014-3577 | |
| CVE-2012-5783 | ||
| CVE-2020-13956 | ||
| CVE-2015-5262 | ||
| CVE-2012-6153 | ||
| Spring Framework | CVE-2021-22118 | |
| Cron-utils | CVE-2020-26238 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-43588 | Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| CVE-2021-36349 | Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Third-party Component | CVEs | More information |
| ntp | CVE-2016-9310 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Apache CXF | CVE-2021-30468 | |
| CVE-2021-22696 | ||
| CVE-2020-13954 | ||
| OpenSSL | CVE-2021-3712 | |
| Apache HttpClient | CVE-2014-3577 | |
| CVE-2012-5783 | ||
| CVE-2020-13956 | ||
| CVE-2015-5262 | ||
| CVE-2012-6153 | ||
| Spring Framework | CVE-2021-22118 | |
| Cron-utils | CVE-2020-26238 |
Produits concernés et mesure corrective
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell EMC Data Protection Central | Versions before 19.6 | 19.6 | Link |
| Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) |
Versions before 2.7.2 | 2.7.2 |
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell EMC Data Protection Central | Versions before 19.6 | 19.6 | Link |
| Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) |
Versions before 2.7.2 | 2.7.2 |
Historique des révisions
| Revision | Date | Description |
| 1.0 | 2021/01/10 | Initial Release |
| 1.1 | 2021/01/21 | Corrected CVE Identifier |
| 1.2 | 2022-03-02 | Added Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) as affected product |
Informations connexes
Mention légale
Produits concernés
Data Protection Central, PowerProtect DP4400, Data Protection Central, PowerProtect DP5300, PowerProtect DP5800, PowerProtect DP8300, PowerProtect DP8800, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family
, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, PowerProtect DD6400, PowerProtect DP5900, PowerProtect DP8400, PowerProtect DP8900, Product Security Information
...
Propriétés de l’article
Numéro d’article: 000195103
Type d’article: Dell Security Advisory
Dernière modification: 02 mars 2022
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.