DSA-2025-075: Security Update for Dell Data Protection Advisor for Multiple Vulnerabilities

Zusammenfassung: Dell Data Protection Advisor remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Auswirkungen

Critical

Details

Third-party Component CVEs More Information
Apache Avro CVE-2021-43045, CVE-2023-39410 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache commons collections CVE-2015-7501 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache commons compress CVE-2023-42503, CVE-2024-25710, CVE-2024-26308 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache Mina SSHD Common support utilities CVE-2022-45047 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache Mina SSHD Core CVE-2021-30129, CVE-2023-35887, CVE-2023-48795 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache Tomcat CVE-2021-24122, CVE-2021-30640, CVE-2021-33037, CVE-2022-34305, CVE-2020-9484, CVE-2020-17527, CVE-2021-25122, CVE-2021-25329, CVE-2021-30639,CVE-2021-41079, CVE-2022-23181, CVE-2022-29885, CVE-2022-25762, CVE-2022-42252, CVE-2023-46589, CVE-2021-43980, CVE-2023-28708, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2024-21733 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache Velocity CVE-2020-13936 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache Xerces CVE-2022-23437 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Curl CVE-2023-38545 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Dom4j CVE-2020-10683 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Google-guava CVE-2023-2976, CVE-2020-8908 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
H2 Database Engine CVE-2022-45868 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Java SE 8u421 CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Jboss REST Easy CVE-2016-9606, CVE-2020-25633 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Jettison CVE-2022-40149, CVE-2022-40150, CVE-2022-45685, CVE-2022-45693, CVE-2023-1436 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
JGit CVE-2023-4759 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Jsoup CVE-2021-37714, CVE-2022-36033 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libcurl CVE-2023-27537, CVE-2023-38039 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
MySql Connector CVE-2023-22102, CVE-2023-21971 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
okHttp CVE-2018-20200 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
PostgreSQL driver CVE-2024-1597 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Slf4j_ext CVE-2018-8088 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
SnakeYaml CVE-2022-41854, CVE-2022-38750,CVE-2022-38751, CVE-2022-38749, CVE-2022-25857, CVE-2022-1471, CVE-2022-38752 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
SSH CVE-2023-46445, CVE-2023-46446 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Wildfly CVE-2020-14338 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
XML External Entity CVE-2014-3530 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-46699 Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-46699 Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Korrektur

Product Affected Versions Remediated Versions Link to Update
Data Protection Advisor Versions 19.9, 19.10 and 19.11 Version 19.12 or later Data Protection Advisor Downloads Area

 

Product Affected Versions Remediated Versions Link to Update
Data Protection Advisor Versions 19.9, 19.10 and 19.11 Version 19.12 or later Data Protection Advisor Downloads Area

 

Notes:

  1. Dell recommends that you always upgrade to the latest release/version for your product.
  2. To request the workaround files that remove the affected OpenSSL-dependent libraries, or to receive assistance with applying the workaround, please contact Dell Customer Support.

Workarounds und Korrekturmaßnahmen

CVE ID Workaround and Mitigation

CVE-2024-5535, CVE-2023-3446

Pre-requisites: 

  • This workaround applies to Dell Data Protection Advisor (DPA), version 19.11 and later.
  • The HP Disk Array and HP Virtual Tape Library (VTL) endpoints must not be actively monitored by DPA.
  • The script must be executed by a user with system access and privileges to perform operations such as read, execute and delete files or execute shell or batch scripts.
  • The absolute paths to the _install and _uninstall directories of DPA on the host’s file system must be prepared and noted in advance, as they will be required during script execution. 
  • The appropriate script file for your operating system has been downloaded. The script helps remove OpenSSL 1.0.2 dependent libraries affected by CVE-2024-5535 and CVE-2023-3446.
    • Linux: Unbundle_openssl_102_Libs_From_DPA.sh
    • Windows: Unbundle_Openssl_102_Libs_From_DPA.bat 
 

For Linux: 

  1. Extract UnbundleScript_Openssl_102_Libs.zip to a temporary folder, using one either gunzip or unzip command.
  2. Grant execute permission to the script using the following CLI command: 
     # chmod 0777 unbundle_openssl_102_Libs_From_DPA 

  1. Execute the script and when prompted, provide the absolute path where _install and _uninstall DPA folders are present. Example: </opt/emc/dpa/>.

Note: Post execution the script will automatically remove libssl.so.1.0.0, libcrypto.so.1.0.0, dpaagent_modhparray, and dpaagent_modhpvls and exit. 

 

 

For Windows: 

  1. Extract UnbundleScript_Openssl_102_Libs.zip to a temporary folder using 7Zip software or any Windows supported zip software 
  2. Execute the script and when prompted, provide the absolute path where _install and _uninstall DPA folders are present. Example: <C:\Program Files\EMC\DPA>.
 

Note: Post execution of the script will automatically remove libeay32.dll, ssleay32.dll, dpaagent_modhparray.exe, dpaagent_modhpvls.exe and exit.

 

Revisionsverlauf

RevisionDateDescription
1.02025-02-06Initial Release
2.02025-06-11Minor updates related to workaround and formatting
3.02025-06-18Minor update related to workaround files availability
4.02026-01-21Major update to include CVE-2025-46699

 

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtlicher Hinweis

Betroffene Produkte

Data Protection Advisor, Data Protection Suite Series
Artikeleigenschaften
Artikelnummer: 000281732
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 21 Jan. 2026
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.