DSA-2021-262: Dell EMC Data Protection Central Security Update for Multiple Security Vulnerabilities

Oversigt: Dell EMC Data Protection Central and Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Denne artikel gælder for Denne artikel gælder ikke for Denne artikel er ikke knyttet til et bestemt produkt. Det er ikke alle produktversioner, der er identificeret i denne artikel.
Udforsk andre ressourcer

Virkning

High

Oplysninger

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-43588 Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-36349 Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 
Third-party Component CVEs More information
ntp CVE-2016-9310 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Apache CXF CVE-2021-30468
CVE-2021-22696
CVE-2020-13954
OpenSSL CVE-2021-3712
Apache HttpClient CVE-2014-3577
CVE-2012-5783
CVE-2020-13956
CVE-2015-5262
CVE-2012-6153
Spring Framework CVE-2021-22118
Cron-utils CVE-2020-26238
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-43588 Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-36349 Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 
Third-party Component CVEs More information
ntp CVE-2016-9310 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Apache CXF CVE-2021-30468
CVE-2021-22696
CVE-2020-13954
OpenSSL CVE-2021-3712
Apache HttpClient CVE-2014-3577
CVE-2012-5783
CVE-2020-13956
CVE-2015-5262
CVE-2012-6153
Spring Framework CVE-2021-22118
Cron-utils CVE-2020-26238
Dell Technologies anbefaler, at alle kunder tager hensyn til både CVSS-basisresultatet og alle relevante tidsmæssige og miljømæssige resultater, som kan have betydning for den potentielle alvorsgrad, der er forbundet med en bestemt sikkerhedsrisiko.

Berørte produkter og udbedring

Product Affected Versions Updated Versions Link to Update
Dell EMC Data Protection Central Versions before 19.6 19.6 Link
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series)
 		 Versions before 2.7.2 2.7.2  
Product Affected Versions Updated Versions Link to Update
Dell EMC Data Protection Central Versions before 19.6 19.6 Link
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series)
 		 Versions before 2.7.2 2.7.2  

Revisionshistorik

RevisionDateDescription
1.02021/01/10Initial Release
1.12021/01/21Corrected CVE Identifier
1.22022-03-02Added Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) as affected product

Relaterede oplysninger

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Ansvarsfraskrivelse

Berørte produkter

Data Protection Central, PowerProtect DP4400, Data Protection Central, PowerProtect DP5300, PowerProtect DP5800, PowerProtect DP8300, PowerProtect DP8800, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family , PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, PowerProtect DD6400, PowerProtect DP5900, PowerProtect DP8400, PowerProtect DP8900, Product Security Information ...
Artikelegenskaber
Artikelnummer: 000195103
Artikeltype: Dell Security Advisory
Senest ændret: 02 mar. 2022
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.