
Article Number: 000191930


DSA-2021-181: Dell EMC PowerProtect Data Manager Update for Multiple Security Vulnerabilities

Summary: Dell EMC PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected systems.

Article Content


Impact

Critical

Details

Third-party Component  CVE(s) More Information
MyBatis 3.4.4 CVE-2020-26945 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Spring Cloud Netflix Zuul 2.2.6.RELEASE CVE-2021-22113
json-smart 2.3 CVE-2021-27568
AWS SDK for Node.js v2.596.0 CVE-2020-28472
css-what v4.0.0 / css-what v3.4.2 CVE-2021-33587
einaros/ws 6.2.2 CVE-2021-32640
engine.io 3.5.0 CVE-2020-36048
glob-parent 3.1.0 CVE-2020-28469
normalize_url v4.5.0 / normalize_url 3.3.0 CVE-2021-33502
path-parse 1.0.6 CVE-2021-23343
PostCSS 7.0.35 CVE-2021-23382
CVE-2021-23368
Socket.IO Parser 3.3.2 CVE-2020-36049
UAParser.js 0.7.21 CVE-2021-27292
CVE-2020-7793
CVE-2020-7733
Apache Commons Compress 1.20 CVE-2021-36090
CVE-2021-35517
CVE-2021-35516
CVE-2021-35515
Expression Language 3.03.0.3 CVE-2021-28170
HashiCorp Consul v1.1.0 CVE-2020-7219
GoLang 1.16 CVE-2021-34558
CVE-2021-33198
CVE-2021-33197
CVE-2021-33196
CVE-2021-33195
CVE-2021-33194
CVE-2021-31525
CVE-2021-27919
CVE-2021-27918
CVE-2021-3121
CVE-2020-29652
CVE-2020-29511
CVE-2020-29510
CVE-2020-29509
CVE-2020-28852
CVE-2020-28851
libgcrypt20=1.6.1-16.77.1 CVE-2021-33560
libsystemd0=228-157.30.1
libudev1=228-157.30.1
systemd-bash-completion=228-157.30.1
systemd-sysvinit=228-157.30.1
systemd=228-157.30.1
udev=228-157.30.1
CVE-2021-33910
containerd=1.4.4-16.42.1 CVE-2021-21334
CVE-2021-32760
python3-urllib3=1.25.10-3.29.1 CVE-2021-33503
bind-utils=9.11.22-3.34.1
libbind9-161=9.11.22-3.34.1
libdns1110=9.11.22-3.34.1
libirs161=9.11.22-3.34.1
libisc1107=9.11.22-3.34.1
libisccc161=9.11.22-3.34.1
libisccfg163=9.11.22-3.34.1
liblwres161=9.11.22-3.34.1
python-bind=9.11.22-3.34.1
CVE-2021-25214
CVE-2021-25215
CVE-2021-25216
dhcp-client=4.3.3-10.22.1
dhcp=4.3.3-10.22.1
CVE-2021-25217
libX11-6=1.6.2-12.21.1
libX11-data=1.6.2-12.21.1
CVE-2021-31535
kernel-default=4.12.14-122.83.1 CVE-2020-0429
CVE-2021-3659
libmspack0=0.4-15.10.1 CVE-2018-14681
glibc-i18ndata=2.22-114.12.1
glibc-locale=2.22-114.12.1
glibc=2.22-114.12.1
CVE-2016-10228
CVE-2020-27618
CVE-2020-29562
CVE-2020-29573
CVE-2021-35942
libpython3_6m1_0=3.6.13-4.42.1
python36-base=3.6.13-4.42.1
python36=3.6.13-4.42.1
CVE-2021-3426
ucode-intel=20210525-3.35.1 CVE-2020-24489
CVE-2020-24511
CVE-2020-24512
CVE-2020-24513
libpolkit0=0.113-5.21.1
polkit=0.113-5.21.1
CVE-2021-3560
libxml2-2=2.9.4-46.46.1
libxml2-tools=2.9.4-46.46.1
CVE-2021-3541
libhogweed2=2.7.1-13.6.1
libnettle4=2.7.1-13.6.1
CVE-2021-3580
libjpeg8=8.1.2-31.25.1 CVE-2020-17541
python3-PyYAML=5.3.1-28.4.3 CVE-2020-14343
postgresql10-server=10.17-4.16.4
postgresql10=10.17-4.16.4
CVE-2021-32027
CVE-2021-32028
dbus-1-x11=1.8.22-35.2
dbus-1=1.8.22-35.2
libdbus-1-3=1.8.22-35.2
CVE-2020-35512
java-1_8_0-openjdk-headless=1.8.0.292-27.60.1 CVE-2021-2163
libpq5=13.3-3.9.3 CVE-2021-32027
CVE-2021-32028
CVE-2021-32029
curl=7.60.0-11.23.1
libcurl4=7.60.0-11.23.1
CVE-2021-22925
cpio-lang=2.11-36.9.2
cpio=2.11-36.9.2
CVE-2021-38185
libsolv-tools=0.6.37-2.33.1 CVE-2019-20387
CVE-2021-3200
sudo >= 1.8.27-4.15.1 CVE-2021-3156

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Version(s) Updated Version(s) Link to Update
Dell EMC PowerProtect Data Manager 19.8 and prior 19.9 Contact Customer Support

Workarounds and Mitigations

None.

Revision History

Revision Date Description
1.0 2021-09-27 Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.

Article Properties


Affected Product

PowerProtect Data Manager, Product Security Information

Last Published Date

27 Sep 2021

Version

1

Article Type

Dell Security Advisory
