DSA-2025-071: Security update for Dell Avamar for Multiple Component Vulnerabilities.
Summary: Dell Avamar remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| The FreeType Project | CVE-2022-27404, CVE-2017-10672 | See NVD link below for individual scores for each CVE. |
| Dozer | CVE-2014-9515 | |
| OpenSSH | CVE-2023-38408 | |
| Curl | CVE-2018-0500, CVE-2018-14618, CVE-2018-16839, CVE-2018-16842, CVE-2019-3822, CVE-2019-5481 | See NVD link below for individual scores for each CVE. |
| jackson-databind | CVE-2019-14379, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-8840, CVE-2020-9547, CVE-2020-9548, CVE-2020-10672, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-14061, CVE-2020-14062, CVE-2020-14060, CVE-2020-14195, CVE-2020-25649 | See NVD link below for individual scores for each CVE. |
| POCO C++ Libraries | CVE-2023-52389, CVE-2017-1000472 | See NVD link below for individual scores for each CVE. |
| mailx | CVE-2014-7844 | |
| OpenSSL | CVE-2011-4109 | |
| file | CVE-2019-18218 | |
| TestNG | CVE-2022-4065 | |
| Linux Kernel | CVE-2017-1000112 | |
| Cyrus SASL | CVE-2019-19906, CVE-2022-24407, CVE-2013-4122 | See NVD link below for individual scores for each CVE. |
| libffi | CVE-2017-1000376 | |
| Gstreamer | CVE-2021-3497, CVE-2021-3498, CVE-2022-1924, CVE-2022-1920, CVE-2022-1921, CVE-2022-1925, CVE-2022-2122, CVE-2021-3522, CVE-2006-4339, CVE-2022-1922, CVE-2022-1923 | See NVD link below for individual scores for each CVE. |
| e2fsprogs | CVE-2019-5188 | |
| elfutils | CVE-2018-18520 | |
| JBIG-KIT lossless image compression library 2 | CVE-2013-6369 | |
| Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server | CVE-2021-34429 | |
| libpng | CVE-2019-7317 | |
| LibYAML | CVE-2014-9130 | |
| mutt | CVE-2022-1328 | |
| OpenSC | CVE-2018-16391 | |
| libgcrypt | CVE-2018-0495 | |
| pypi/setuptools | CVE-2022-40897 | |
| RPM | CVE-2021-35939 | |
| util-linux | CVE-2022-0563 | |
| Apache James MIME4J | CVE-2022-45787 | |
| Network Time Protocol project (NTP) | CVE-2023-26555 | |
| Readline | CVE-2014-2524 | |

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-21117 | Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user. | 6.6 | |
Affected Products and Remediation
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| Dell Avamar Data Store Gen5A, Gen4T | Dell Avamar operating system | Versions 19.4, 19.7, 19.8, 19.9, 19.10 and 19.10 SP1 | Version 19.12 or later | https://dl.dell.com/downloads/TCM61_Avamar-19.12-for-Server-and-AVE-Upgrades.avp |
| Avamar Virtual Edition for VMware ESXi and vSphere | Dell Avamar operating system | Versions 19.4, 19.7, 19.8, 19.9, 19.10 and 19.10 SP1 | Version 19.12 or later | https://dl.dell.com/downloads/1GK63_Avamar-19.12-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z |
| Avamar Virtual Edition for VMware vSphere only | Dell Avamar operating system | Versions 19.4, 19.7, 19.8, 19.9, 19.10 and 19.10 SP1 | Version 19.12 or later | https://dl.dell.com/downloads/KF9JJ_Avamar-19.12-Virtual-Edition-for-VMware-vSphere-only.ova |
| Avamar Virtual Edition for Hyper-V 2012 | Dell Avamar operating system | Versions 19.4, 19.7, 19.8, 19.9, 19.10 and 19.10 SP1 | Version 19.12 or later | https://dl.dell.com/downloads/5X67J_Avamar-19.12-Virtual-Edition-for-Hyper-V-2012.7z |
| Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 | Dell Avamar operating system | Versions 19.4, 19.7, 19.8, 19.9, 19.10 and 19.10 SP1 | Version 19.12 or later | |
| Avamar Virtual Edition for KVM/Open Stack KVM | Dell Avamar operating system | Versions 19.4, 19.7, 19.8, 19.9, 19.10 and 19.10 SP1 | Version 19.12 or later | https://dl.dell.com/downloads/0CJC4_Avamar-19.12-Virtual-Edition-for-KVM-OpenStack-KVM.7z |

- The CVEs remedied by this security update are listed. The list includes not only the new CVEs remedied by this update, but also all the past CVEs included in this cumulative update. Due to dependencies on the above fixes, it cannot be backported.
- The OS Rollup 2024 R3 CVE is included in the 19.12 release. For further information on the OS Rollup 2024 R3, see DSA-2024-433.
- Dell recommends that you always upgrade to the latest release/version for your product.
- To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/product-support/product/avamar/drivers
- CVE-2014-9515, corresponding to the Dozer third-party component, is also remediated as part of Version 19.10 SP1, corresponding to DSA-2024-280.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2025-02-05 | Initial Release |