DSA-2021-262: Dell EMC Data Protection Central Security Update for Multiple Security Vulnerabilities
Summary: Dell EMC Data Protection Central and Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-43588 | Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| CVE-2021-36349 | Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Third-party Component | CVEs | More information |
| ntp | CVE-2016-9310 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Apache CXF | CVE-2021-30468 | |
| CVE-2021-22696 | ||
| CVE-2020-13954 | ||
| OpenSSL | CVE-2021-3712 | |
| Apache HttpClient | CVE-2014-3577 | |
| CVE-2012-5783 | ||
| CVE-2020-13956 | ||
| CVE-2015-5262 | ||
| CVE-2012-6153 | ||
| Spring Framework | CVE-2021-22118 | |
| Cron-utils | CVE-2020-26238 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-43588 | Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| CVE-2021-36349 | Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Third-party Component | CVEs | More information |
| ntp | CVE-2016-9310 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Apache CXF | CVE-2021-30468 | |
| CVE-2021-22696 | ||
| CVE-2020-13954 | ||
| OpenSSL | CVE-2021-3712 | |
| Apache HttpClient | CVE-2014-3577 | |
| CVE-2012-5783 | ||
| CVE-2020-13956 | ||
| CVE-2015-5262 | ||
| CVE-2012-6153 | ||
| Spring Framework | CVE-2021-22118 | |
| Cron-utils | CVE-2020-26238 |
Affected Products & Remediation
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell EMC Data Protection Central | Versions before 19.6 | 19.6 | Link |
| Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) |
Versions before 2.7.2 | 2.7.2 |
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell EMC Data Protection Central | Versions before 19.6 | 19.6 | Link |
| Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) |
Versions before 2.7.2 | 2.7.2 |
Revision History
| Revision | Date | Description |
| 1.0 | 2021/01/10 | Initial Release |
| 1.1 | 2021/01/21 | Corrected CVE Identifier |
| 1.2 | 2022-03-02 | Added Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) as affected product |
Related Information
Legal Disclaimer
Affected Products
Data Protection Central, PowerProtect DP4400, Data Protection Central, PowerProtect DP5300, PowerProtect DP5800, PowerProtect DP8300, PowerProtect DP8800, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family
, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, PowerProtect DD6400, PowerProtect DP5900, PowerProtect DP8400, PowerProtect DP8900, Product Security Information
...
Article Properties
Article Number: 000195103
Article Type: Dell Security Advisory
Last Modified: 02 Mar 2022
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.