DSA-2024-070: Security Update for Dell Avamar, Dell Avamar Virtual Edition Multiple Security Vulnerabilities
Shrnutí: Dell Avamar, Dell Avamar Virtual Edition remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Tento článek se vztahuje na
Tento článek se nevztahuje na
Tento článek není vázán na žádný konkrétní produkt.
V tomto článku nejsou uvedeny všechny verze produktu.
Vliv
Critical
Podrobnosti
| Third-party Component | CVEs | More Information |
|---|---|---|
| Apache Commons BeanUtils | CVE-2019-10086 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
| Apache CXF | CVE-2019-12419 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Batik XML utility library | CVE-2018-8013 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| c3p0:JDBC DataSources/Resource Pools | CVE-2018-20433 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Data Mapper for Jackson | CVE-2019-10202 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| dom4j: flexible XML framework for Java | CVE-2020-10683 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| jackson-databind | CVE-2019-14893 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| PostgreSQL JDBC Driver (pgjdbc) | CVE-2022-26520 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| spring-security-oauth | CVE-2018-1260 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| SQLite | CVE-2020-11656 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| thymeleaf-spring5 | CVE-2021-43466 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| XMLBeans | CVE-2021-23926 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| iText, a JAVA-PDF library | CVE-2017-9096 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| dom4j: flexible XML framework for Java | CVE-2019-9928 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| jackson-databind | CVE-2021-46877 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Dell BSAFE Crypto-C Micro Edition | CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ , DSA-2020-286, DSA-2019-079 |
| RabbitMQ | CVE-2019-11281, CVE-2019-11287, CVE-2019-11291 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
Dotčené produkty a náprava
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Dell Avamar Data Store Gen4T, Gen5A | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AvamarInstallSles-19.10.0-135.avp |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for VMware ESXi and vSphere | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.ovf.7z |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for VMware vSphere only | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.ova |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for Hyper-V 2012 | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AAVE-19.10.0.135-2012.7z |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AAVE-19.10.0.135.7z |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 |
Avamar 19.10 Virtual Edition for KVM/OpenStack KVM | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.qcow2.7z |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Dell Avamar Data Store Gen4T, Gen5A | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AvamarInstallSles-19.10.0-135.avp |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for VMware ESXi and vSphere | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.ovf.7z |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for VMware vSphere only | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.ova |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for Hyper-V 2012 | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AAVE-19.10.0.135-2012.7z |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AAVE-19.10.0.135.7z |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 |
Avamar 19.10 Virtual Edition for KVM/OpenStack KVM | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.qcow2.7z |
NOTE: The Integrated Data Protection Appliance product team has confirmed impact and are preparing a remedy. Dell will update this Security Advisory once we have a remedy in place.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Dell recommends that you always upgrade to the latest release/version for your product.
- Customers who want to remediate the security vulnerabilities are advised to upgrade to the latest version of Dell Avamar and Dell Avamar Virtual Edition - 19.10.
- The existing instances of Dell Avamar, from 19.4,19.7,19.8 and 19.9 can be upgraded to Dell Avamar version 19.10 via the below upgrade packages.
- Dell Avamar Data Store Gen4T/Gen5A - AvamarUpgrade-19.10.0-135.avp
- Dell Avamar Virtual Edition - AvamarUpgrade-19.10.0-135.avp (VMware ESXi and vSphere, VMware vSphere, Hyper-V 2012, Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019, KVM/OpenStack KVM)
Historie změn
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-02-02 | Initial Release |
| 2.0 | 2024-02-14 | Updated for enhanced format presentation with no change to content |
| 3.0 | 2024-02-15 | Updated to include Integrated Data Protection Appliance details |
Související informace
Právní upozornění
Dotčené produkty
Avamar, Avamar, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Server, Avamar Virtual Edition, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security InformationVlastnosti článku
Číslo článku: 000221770
Typ článku: Dell Security Advisory
Poslední úprava: 09 zář 2025
Najděte odpovědi na své otázky od ostatních uživatelů společnosti Dell
Služby podpory
Zkontrolujte, zda se na vaše zařízení vztahují služby podpory.