DSA-2024-070: Security Update for Dell Avamar, Dell Avamar Virtual Edition Multiple Security Vulnerabilities

Summary: Dell Avamar, Dell Avamar Virtual Edition remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Affected Products & Remediation

Affected Products

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Third-party Component	CVEs	More Information
Apache Commons BeanUtils	CVE-2019-10086	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
Apache CXF	CVE-2019-12419	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
Batik XML utility library	CVE-2018-8013	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
c3p0:JDBC DataSources/Resource Pools	CVE-2018-20433	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
Data Mapper for Jackson	CVE-2019-10202	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
dom4j: flexible XML framework for Java	CVE-2020-10683	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
jackson-databind	CVE-2019-14893	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
PostgreSQL JDBC Driver (pgjdbc)	CVE-2022-26520	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
spring-security-oauth	CVE-2018-1260	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
SQLite	CVE-2020-11656	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
thymeleaf-spring5	CVE-2021-43466	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
XMLBeans	CVE-2021-23926	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
iText, a JAVA-PDF library	CVE-2017-9096	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
dom4j: flexible XML framework for Java	CVE-2019-9928	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
jackson-databind	CVE-2021-46877	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
Dell BSAFE Crypto-C Micro Edition	CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/, DSA-2020-286, DSA-2019-079
RabbitMQ	CVE-2019-11281, CVE-2019-11287, CVE-2019-11291	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Link
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Dell Avamar Data Store Gen4T, Gen5A	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AvamarInstallSles-19.10.0-135.avp
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for VMware ESXi and vSphere	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AVE-19.10.0.135.ovf.7z
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for VMware vSphere only	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AVE-19.10.0.135.ova
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for Hyper-V 2012	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AAVE-19.10.0.135-2012.7z
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AAVE-19.10.0.135.7z
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for KVM/OpenStack KVM	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AVE-19.10.0.135.qcow2.7z

CVEs Addressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Link
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Dell Avamar Data Store Gen4T, Gen5A	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AvamarInstallSles-19.10.0-135.avp
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for VMware ESXi and vSphere	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AVE-19.10.0.135.ovf.7z
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for VMware vSphere only	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AVE-19.10.0.135.ova
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for Hyper-V 2012	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AAVE-19.10.0.135-2012.7z
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AAVE-19.10.0.135.7z
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for KVM/OpenStack KVM	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AVE-19.10.0.135.qcow2.7z

NOTE: The Integrated Data Protection Appliance product team has confirmed impact and are preparing a remedy. Dell will update this Security Advisory once we have a remedy in place.

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Dell recommends that you always upgrade to the latest release/version for your product.
Customers who want to remediate the security vulnerabilities are advised to upgrade to the latest version of Dell Avamar and Dell Avamar Virtual Edition - 19.10.
The existing instances of Dell Avamar, from 19.4,19.7,19.8 and 19.9 can be upgraded to Dell Avamar version 19.10 via the below upgrade packages.
- Dell Avamar Data Store Gen4T/Gen5A - AvamarUpgrade-19.10.0-135.avp
- Dell Avamar Virtual Edition - AvamarUpgrade-19.10.0-135.avp (VMware ESXi and vSphere, VMware vSphere, Hyper-V 2012, Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019, KVM/OpenStack KVM)

Revision History

Revision	Date	Description
1.0	2024-02-02	Initial Release
2.0	2024-02-14	Updated for enhanced format presentation with no change to content
3.0	2024-02-15	Updated to include Integrated Data Protection Appliance details

Related Information

Legal Disclaimer

Affected Products

Avamar, Avamar, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Server, Avamar Virtual Edition, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security Information

Article Number: 000221770

Article Type: Dell Security Advisory

Last Modified: 09 Sept 2025

Check if your device is covered by Support Services.

DSA-2024-070: Security Update for Dell Avamar, Dell Avamar Virtual Edition Multiple Security Vulnerabilities

Summary: Dell Avamar, Dell Avamar Virtual Edition remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Impact

Details

Affected Products & Remediation

Revision History

Related Info

Legal Disclaimer

Affected Products

Impact

Details

Affected Products & Remediation

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services

DSA-2024-070: Security Update for Dell Avamar, Dell Avamar Virtual Edition Multiple Security Vulnerabilities

Summary: Dell Avamar, Dell Avamar Virtual Edition remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Detailed Article

Impact

Details

Affected Products & Remediation

Revision History

Related Info

Legal Disclaimer

Affected Products

Impact

Details

Affected Products & Remediation

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services