DSA-2021-147: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection Security Update for Multiple Vulnerabilities
Zusammenfassung: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
Dieser Artikel gilt für
Dieser Artikel gilt nicht für
Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden.
In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Auswirkungen
High
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21601 | Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | 8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Grub2 | CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 |
|
| SuSE | CVE-2020-28374 CVE-2020-36158 CVE-2020-27825 CVE-2020-0466 CVE-2020-27068 CVE-2020-0465 CVE-2020-0444 CVE-2020-29660 CVE-2020-29661 CVE-2020-27777 CVE-2019-20934 CVE-2020-27786 CVE-2020-4788 CVE-2018-20669 |
|
| Oracle JRE | CVE-2020-14803 CVE-2020-14792 CVE-2020-14781 CVE-2020-14782 CVE-2020-14797 CVE-2020-14779 CVE-2020-14796 CVE-2020-14798 CVE-2020-14803 CVE-2021-2161 CVE-2021-2163 |
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21601 | Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | 8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Grub2 | CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 |
|
| SuSE | CVE-2020-28374 CVE-2020-36158 CVE-2020-27825 CVE-2020-0466 CVE-2020-27068 CVE-2020-0465 CVE-2020-0444 CVE-2020-29660 CVE-2020-29661 CVE-2020-27777 CVE-2019-20934 CVE-2020-27786 CVE-2020-4788 CVE-2018-20669 |
|
| Oracle JRE | CVE-2020-14803 CVE-2020-14792 CVE-2020-14781 CVE-2020-14782 CVE-2020-14797 CVE-2020-14779 CVE-2020-14796 CVE-2020-14798 CVE-2020-14803 CVE-2021-2161 CVE-2021-2163 |
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA |
Betroffene Produkte und Korrektur
| Product | Affected Versions | Updated Versions | Link to Update | ||
| Dell EMC Data Protection Search | Versions before 19.5 | 19.5 | https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip |
||
| Dell EMC Integrated Data Protection Appliance | Versions before 2.7 | 2.7 |
Expected release date August 2021. | ||
| Product | Affected Versions | Updated Versions | Link to Update | ||
| Dell EMC Data Protection Search | Versions before 19.5 | 19.5 | https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip |
||
| Dell EMC Integrated Data Protection Appliance | Versions before 2.7 | 2.7 |
Expected release date August 2021. | ||
Workarounds und Korrekturmaßnahmen
None.
Revisionsverlauf
| Revision | Date | Description |
| 1.0 | 2021-07-22 | Initial Release |
| 1.1 | 2021-11-03 | Updated Product Tagging |
Zugehörige Informationen
Rechtlicher Hinweis
Betroffene Produkte
Data Protection Search, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security InformationArtikeleigenschaften
Artikelnummer: 000189555
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 04 Nov. 2021
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.