DSA-2024-070: Security Update for Dell Avamar, Dell Avamar Virtual Edition Multiple Security Vulnerabilities

Oversigt: Dell Avamar, Dell Avamar Virtual Edition remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Berørte produkter og udbedring

Berørte produkter

Denne artikel gælder for Denne artikel gælder ikke for Denne artikel er ikke knyttet til et bestemt produkt. Det er ikke alle produktversioner, der er identificeret i denne artikel.

Udforsk andre ressourcer

Virkning

Critical

Oplysninger

Third-party Component	CVEs	More Information
Apache Commons BeanUtils	CVE-2019-10086	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
Apache CXF	CVE-2019-12419	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
Batik XML utility library	CVE-2018-8013	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
c3p0:JDBC DataSources/Resource Pools	CVE-2018-20433	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
Data Mapper for Jackson	CVE-2019-10202	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
dom4j: flexible XML framework for Java	CVE-2020-10683	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
jackson-databind	CVE-2019-14893	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
PostgreSQL JDBC Driver (pgjdbc)	CVE-2022-26520	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
spring-security-oauth	CVE-2018-1260	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
SQLite	CVE-2020-11656	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
thymeleaf-spring5	CVE-2021-43466	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
XMLBeans	CVE-2021-23926	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
iText, a JAVA-PDF library	CVE-2017-9096	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
dom4j: flexible XML framework for Java	CVE-2019-9928	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
jackson-databind	CVE-2021-46877	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
Dell BSAFE Crypto-C Micro Edition	CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/, DSA-2020-286, DSA-2019-079
RabbitMQ	CVE-2019-11281, CVE-2019-11287, CVE-2019-11291	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/

Dell Technologies anbefaler, at alle kunder tager hensyn til både CVSS-basisresultatet og alle relevante tidsmæssige og miljømæssige resultater, som kan have betydning for den potentielle alvorsgrad, der er forbundet med en bestemt sikkerhedsrisiko.

Berørte produkter og udbedring

CVEs Addressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Link
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Dell Avamar Data Store Gen4T, Gen5A	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AvamarInstallSles-19.10.0-135.avp
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for VMware ESXi and vSphere	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AVE-19.10.0.135.ovf.7z
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for VMware vSphere only	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AVE-19.10.0.135.ova
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for Hyper-V 2012	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AAVE-19.10.0.135-2012.7z
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AAVE-19.10.0.135.7z
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for KVM/OpenStack KVM	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AVE-19.10.0.135.qcow2.7z

CVEs Addressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Link
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Dell Avamar Data Store Gen4T, Gen5A	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AvamarInstallSles-19.10.0-135.avp
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for VMware ESXi and vSphere	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AVE-19.10.0.135.ovf.7z
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for VMware vSphere only	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AVE-19.10.0.135.ova
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for Hyper-V 2012	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AAVE-19.10.0.135-2012.7z
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AAVE-19.10.0.135.7z
CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291	Avamar 19.10 Virtual Edition for KVM/OpenStack KVM	Dell Avamar Operating System	Version 19.4, 19.7, 19.8 and 19.9	Version 19.10 or later	AVE-19.10.0.135.qcow2.7z

NOTE: The Integrated Data Protection Appliance product team has confirmed impact and are preparing a remedy. Dell will update this Security Advisory once we have a remedy in place.

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Dell recommends that you always upgrade to the latest release/version for your product.
Customers who want to remediate the security vulnerabilities are advised to upgrade to the latest version of Dell Avamar and Dell Avamar Virtual Edition - 19.10.
The existing instances of Dell Avamar, from 19.4,19.7,19.8 and 19.9 can be upgraded to Dell Avamar version 19.10 via the below upgrade packages.
- Dell Avamar Data Store Gen4T/Gen5A - AvamarUpgrade-19.10.0-135.avp
- Dell Avamar Virtual Edition - AvamarUpgrade-19.10.0-135.avp (VMware ESXi and vSphere, VMware vSphere, Hyper-V 2012, Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019, KVM/OpenStack KVM)

Revisionshistorik

Revision	Date	Description
1.0	2024-02-02	Initial Release
2.0	2024-02-14	Updated for enhanced format presentation with no change to content
3.0	2024-02-15	Updated to include Integrated Data Protection Appliance details

Relaterede oplysninger

Ansvarsfraskrivelse

Berørte produkter

Avamar, Avamar, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Server, Avamar Virtual Edition, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security Information

Artikelnummer: 000221770

Artikeltype: Dell Security Advisory

Senest ændret: 09 sep. 2025

Kontrollér, om din enhed er dækket af supportservices.

DSA-2024-070: Security Update for Dell Avamar, Dell Avamar Virtual Edition Multiple Security Vulnerabilities

Oversigt: Dell Avamar, Dell Avamar Virtual Edition remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Virkning

Oplysninger

Berørte produkter og udbedring

Revisionshistorik

Lignende oplysninger

Ansvarsfraskrivelse

Berørte produkter

Virkning

Oplysninger

Berørte produkter og udbedring

Revisionshistorik

Relaterede oplysninger

Ansvarsfraskrivelse

Berørte produkter

Artikelegenskaber

Find svar på dine spørgsmål fra andre Dell-brugere

Supportservices

Artikelegenskaber

Find svar på dine spørgsmål fra andre Dell-brugere

Supportservices

DSA-2024-070: Security Update for Dell Avamar, Dell Avamar Virtual Edition Multiple Security Vulnerabilities

Oversigt: Dell Avamar, Dell Avamar Virtual Edition remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Detaljeret artikel

Virkning

Oplysninger

Berørte produkter og udbedring

Revisionshistorik

Lignende oplysninger

Ansvarsfraskrivelse

Berørte produkter

Virkning

Oplysninger

Berørte produkter og udbedring

Revisionshistorik

Relaterede oplysninger

Ansvarsfraskrivelse

Berørte produkter

Artikelegenskaber

Find svar på dine spørgsmål fra andre Dell-brugere

Supportservices

Artikelegenskaber

Find svar på dine spørgsmål fra andre Dell-brugere

Supportservices