DSA-2024-070: Security Update for Dell Avamar, Dell Avamar Virtual Edition Multiple Security Vulnerabilities
Yhteenveto: Dell Avamar, Dell Avamar Virtual Edition remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Tämä artikkeli koskee tuotetta
Tämä artikkeli ei koske tuotetta
Tämä artikkeli ei liity tiettyyn tuotteeseen.
Tässä artikkelissa ei yksilöidä kaikkia tuoteversioita.
Vaikutus
Critical
Tiedot
| Third-party Component | CVEs | More Information |
|---|---|---|
| Apache Commons BeanUtils | CVE-2019-10086 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
| Apache CXF | CVE-2019-12419 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Batik XML utility library | CVE-2018-8013 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| c3p0:JDBC DataSources/Resource Pools | CVE-2018-20433 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Data Mapper for Jackson | CVE-2019-10202 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| dom4j: flexible XML framework for Java | CVE-2020-10683 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| jackson-databind | CVE-2019-14893 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| PostgreSQL JDBC Driver (pgjdbc) | CVE-2022-26520 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| spring-security-oauth | CVE-2018-1260 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| SQLite | CVE-2020-11656 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| thymeleaf-spring5 | CVE-2021-43466 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| XMLBeans | CVE-2021-23926 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| iText, a JAVA-PDF library | CVE-2017-9096 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| dom4j: flexible XML framework for Java | CVE-2019-9928 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| jackson-databind | CVE-2021-46877 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Dell BSAFE Crypto-C Micro Edition | CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ , DSA-2020-286, DSA-2019-079 |
| RabbitMQ | CVE-2019-11281, CVE-2019-11287, CVE-2019-11291 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
Tuotteet, joihin asia vaikuttaa, ja tilanteen korjaaminen
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Dell Avamar Data Store Gen4T, Gen5A | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AvamarInstallSles-19.10.0-135.avp |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for VMware ESXi and vSphere | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.ovf.7z |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for VMware vSphere only | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.ova |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for Hyper-V 2012 | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AAVE-19.10.0.135-2012.7z |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AAVE-19.10.0.135.7z |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 |
Avamar 19.10 Virtual Edition for KVM/OpenStack KVM | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.qcow2.7z |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Dell Avamar Data Store Gen4T, Gen5A | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AvamarInstallSles-19.10.0-135.avp |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for VMware ESXi and vSphere | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.ovf.7z |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for VMware vSphere only | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.ova |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for Hyper-V 2012 | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AAVE-19.10.0.135-2012.7z |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 | Avamar 19.10 Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AAVE-19.10.0.135.7z |
| CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291 |
Avamar 19.10 Virtual Edition for KVM/OpenStack KVM | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.qcow2.7z |
NOTE: The Integrated Data Protection Appliance product team has confirmed impact and are preparing a remedy. Dell will update this Security Advisory once we have a remedy in place.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Dell recommends that you always upgrade to the latest release/version for your product.
- Customers who want to remediate the security vulnerabilities are advised to upgrade to the latest version of Dell Avamar and Dell Avamar Virtual Edition - 19.10.
- The existing instances of Dell Avamar, from 19.4,19.7,19.8 and 19.9 can be upgraded to Dell Avamar version 19.10 via the below upgrade packages.
- Dell Avamar Data Store Gen4T/Gen5A - AvamarUpgrade-19.10.0-135.avp
- Dell Avamar Virtual Edition - AvamarUpgrade-19.10.0-135.avp (VMware ESXi and vSphere, VMware vSphere, Hyper-V 2012, Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019, KVM/OpenStack KVM)
Versiohistoria
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-02-02 | Initial Release |
| 2.0 | 2024-02-14 | Updated for enhanced format presentation with no change to content |
| 3.0 | 2024-02-15 | Updated to include Integrated Data Protection Appliance details |
Asiaan liittyvät tiedot
Vastuuvapauslauseke
Tuotteet, joihin vaikutus kohdistuu
Avamar, Avamar, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Server, Avamar Virtual Edition, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security InformationArtikkelin ominaisuudet
Artikkelin numero: 000221770
Artikkelin tyyppi: Dell Security Advisory
Viimeksi muutettu: 09 syysk. 2025
Etsi vastauksia kysymyksiisi muilta Dell-käyttäjiltä
Tukipalvelut
Tarkista, kuuluuko laitteesi tukipalveluiden piiriin.