Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000211965

DSA-2023-127: Dell PowerProtect Data Manager Security Update for Multiple Security Vulnerabilities

Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

Operating System Components CVE Details:

Third Party Component	CVEs	More Information
libpython3_6m1_0=3.6.15-32.2 python36-base=3.6.15-32.2 python36=3.6.15-32.2	CVE-2022-37454	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
bind-utils=9.11.22-3.43.1 libbind9-161=9.11.22-3.43.1 libdns1110=9.11.22-3.43.1 libirs161=9.11.22-3.43.1 libisc1107=9.11.22-3.43.1 libisccc161=9.11.22-3.43.1 libisccfg163=9.11.22-3.43.1 liblwres161=9.11.22-3.43.1 python-bind=9.11.22-3.43.1	CVE-2022-2795 CVE-2022-38177 CVE-2022-38178
tar-lang=1.27.1-15.18.1 tar=1.27.1-15.18.1	CVE-2022-48303
samba-client-libs=4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-python3=4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs=4.15.13+git.534.0d9f8ece26-3.77.1	CVE-2021-20251 CVE-2022-38023
libtirpc-netconfig=1.0.1-17.24.1 libtirpc3=1.0.1-17.24.1	CVE-2021-46828
dbus-1-x11=1.8.22-41.1 dbus-1=1.8.22-41.1 libdbus-1-3=1.8.22-41.1	CVE-2022-42010
libopenssl1_0_0=1.0.2p-3.64.1 libopenssl1_1=1.1.1d-2.75.1 openssl-1_0_0=1.0.2p-3.64.1	CVE-2023-0286
libsqlite3-0=3.39.3-9.26.1 sqlite3-tcl=3.39.3-9.26.1	CVE-2022-46908
libmspack0=0.4-15.13.1	CVE-2018-18586
glibc-i18ndata=2.22-114.22.1 glibc-locale=2.22-114.22.1 glibc=2.22-114.22.1	CVE-2015-8985
emacs-info=24.3-25.9.1 emacs-nox=24.3-25.9.1 emacs=24.3-25.9.1 etags=24.3-25.9.1	CVE-2022-45939
git-core=2.26.2-27.66.1	CVE-2023-22490
grub2-i386-pc=2.02-156.1 grub2-snapper-plugin=2.02-156.1 grub2-systemd-sleep-plugin=2.02-156.1 grub2=2.02-156.1	CVE-2022-2601 CVE-2022-3775
expat=2.1.0-21.28.1 libexpat1=2.1.0-21.28.1	CVE-2022-43680
libxml2-2=2.9.4-46.59.2 libxml2-tools=2.9.4-46.59.2	CVE-2022-40303
python3-setuptools=40.6.2-4.21.1 python36-setuptools=44.1.1-8.6.1	CVE-2022-40897
libpython3_4m1_0=3.4.10-25.105.1 python3-base=3.4.10-25.105.1	CVE-2022-40899
w3m=0.5.3.git20161120-161.6.1	CVE-2022-38223
containerd=1.6.12-16.68.1	CVE-2022-23471 CVE-2022-27191
libX11-6=1.6.2-12.24.1 libX11-data=1.6.2-12.24.1	CVE-2022-3554 CVE-2022-3555
libsnmp30=5.7.3-11.6.1 net-snmp=5.7.3-11.6.1 perl-SNMP=5.7.3-11.6.1 snmp-mibs=5.7.3-11.6.1	CVE-2022-44793
vim-data-common=9.0.1234-17.12.1 vim-data=9.0.1234-17.12.1 vim=9.0.1234-17.12.1	CVE-2021-3928 CVE-2022-3234 CVE-2022-3235 CVE-2022-3324 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433
rpm=4.11.2-16.26.1	CVE-2021-20271 CVE-2021-3421
java-11-openjdk-headless=11.0.18.0-3.52.1	CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843
libfreebl3-hmac=3.79.4-58.94.1 libfreebl3=3.79.4-58.94.1 libsoftokn3-hmac=3.79.4-58.94.1 libsoftokn3=3.79.4-58.94.1 mozilla-nss-certs=3.79.4-58.94.1 mozilla-nss=3.79.4-58.94.1	CVE-2022-23491 CVE-2022-3479 CVE-2023-0767
krb5=1.12.5-40.46.1	CVE-2022-42898
sudo=1.8.27-4.33.1	CVE-2023-22809
libpython2_7-1_0=2.7.18-33.17.1 python-base=2.7.18-33.17.1 python-xml=2.7.18-33.17.1 python3=3.4.10-25.105.1	CVE-2022-45061
libksba8=1.3.0-24.6.1	CVE-2022-47629
curl=7.60.0-11.55.1 libcurl4=7.60.0-11.55.1	CVE-2023-23916
libsystemd0=228-157.49.1 libudev1=228-157.49.1 systemd-bash-completion=228-157.49.1 systemd-sysvinit=228-157.49.1 systemd=228-157.49.1 udev=228-157.49.1	CVE-2022-4415
ucode-intel=20230214-3.49.1	CVE-2022-21216 CVE-2022-33196 CVE-2022-38090
libtasn1-6=4.9-3.13.1 libtasn1=4.9-3.13.1	CVE-2021-46848
python3-py=1.8.1-11.15.2	CVE-2020-29651 CVE-2022-42969
kernel-default=4.12.14-122.147.1	CVE-2023-23454
libdb-4_8=4.8.30-33.1	CVE-2019-2708
dhcp-client=4.3.3-10.28.1 dhcp=4.3.3-10.28.1	CVE-2022-2928 CVE-2022-2929
kpartx=0.7.9+232+suse.cbc3754-3.14.1	CVE-2022-41973
libpq5=15.2-3.6.1 postgresql14-server=14.7-3.20.1 postgresql14=14.7-3.20.1	CVE-2022-41862

PPDM Core

Third Party Component	CVEs	More Information
jettison-1.1/jettison-1.4 Jettison - Json Stax implementation1.1	CVE-2022-40149 CVE-2022-40150	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
XStream1.4.19	CVE-2022-40151 CVE-2022-40152 CVE-2022-41966
snakeyaml-1.30	CVE-2022-25857
jackson-databind2.13.4	CVE-2022-42003
Apache Commons JXPath1.3	CVE-2022-41852 CVE-2022-40159 CVE-2022-40157 CVE-2022-40160 CVE-2022-40161 CVE-2022-40158
Apache Commons Text1.9	CVE-2022-42889
Spring Security5.7.4	CVE-2022-31692 CVE-2022-31690
PostgreSQL JDBC Driver (pgjdbc)42.4.2	CVE-2022-41946
zip4j 2.10.0/zip4j 2.11.2	CVE-2023-22899

PPDM-UI

Third-Party Component	CVEs	More Information
engine io 6.2.0	CVE-2022-41940	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
glob-parent 5.1.2	CVE-2020-28469
jszip 3.7.1	CVE-2022-48285
minimatch 3.0.4	CVE-2022-3517
qs 6.5.2	CVE-2022-24999
sindresorhus/got 9.6.0	CVE-2021-33502
socket io-parser 4.0.4	CVE-2022-2421
terser 5.11.0	CVE-2022-25858

PPDM Cloud Disaster Recovery

Third Party Component	CVEs	More Information
Spring Security 5.5.7	CVE-2022-31690	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
jackson-databind 2.13.4	CVE-2022-42003
spring_framework_version 5.3.23	CVE-2016-1000027
snake_yaml_version 1.31	CVE-2022-41854 CVE-2022-38752
jettison_version 1.5.1	CVE-2022-45693 CVE-2022-45685
hsql 2.6.1	CVE-2022-41853

PPDM Kubernetes cProxy

Third Party Component	CVEs	More Information
curl <v7.88.0	CVE-2023-23916	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
GNU Tar 1.27.1-15.15.1	CVE-2022-48303

PPDM Native Reporting

Third Party Component	CVEs	More Information
Apache POI 2.5.1/Apache POI 3.10-beta2	CVE-2017-12626 CVE-2019-12415 CVE-2016-5000 CVE-2022-26336 CVE-2017-5644 CVE-2012-0213 CVE-2014-9527 CVE-2014-3574 CVE-2014-3529	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
BeanShell 2.0b4	CVE-2016-2510
Jsoup 1.7.3	CVE-2021-37714 CVE-2022-36033 CVE-2015-6748
libplexus-utils 2.0.5/ libplexus-utils 1.5.15	CVE-2017-1000487
Maven Shared Utils 0.1 Maven Shared Utils 0.4 Maven Shared Utils 0.7	CVE-2022-29599
XMLBeans 2.3.0	CVE-2021-23926

Cloud Snapshot Manager

Third Party Component	CVEs	More Information
cryptiles 3.1.2	CVE-2018-1000620	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
deep-extend 0.4.2	CVE-2018-3750
extend 3.0.1	CVE-2018-16492 CVE-2018-16492
Handlebars.js 4.0.11	CVE-2021-23369 CVE-2021-23383 CVE-2019-19919
json-schema 0.2.3	CVE-2021-3918
knex 0.14.6	CVE-2019-10757 CVE-2019-10757
Lodash 4.17.10	CVE-2019-10744 CVE-2021-23337
minimist 1.2.0	CVE-2021-44906
mixin-deep 1.3.1	CVE-2019-10746
set-value 0.4.3	CVE-2021-23440 CVE-2019-10747
y18n 4.0.0	CVE-2020-7774
yeikos/js.merge 1.2.0	CVE-2020-28499
ansi-regex 4.1.0	CVE-2021-3807
Async 2.6.0	CVE-2021-43138
axios 0.18.1	CVE-2021-3749
dicer 0.2.5	CVE-2022-24434
dot-prop 4.2.0	CVE-2020-8116
doTJS v1.1.2	CVE-2020-8141
glob-parent 2.0.0	CVE-2020-28469
hueniverse/hawk 6.0.2	CVE-2022-29167
ini 1.3.5	CVE-2020-7788
kind-of 6.0.2	CVE-2019-20149
knowledgecode/date-and-time 0.11.1	CVE-2020-26289
moment/moment 2.24.0	CVE-2022-24785 CVE-2022-31129
node-forge 0.8.4	CVE-2022-24771 CVE-2022-24772 CVE-2020-7720
Nodemailerv 6.4.18	CVE-2021-23400
path-parse 1.0.5	CVE-2021-23343
pathval 1.1.0	CVE-2020-7751
redis 2.8.0	CVE-2021-29469
simple-getv 3.1.0	CVE-2022-0355
tar v4.4.10	CVE-2021-32803 CVE-2021-32804 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713
tmpl 1.0.4	CVE-2021-3777
Underscore.js 1.9.1	CVE-2021-23358
validator.js 9.4.1	CVE-2021-3765
ajv 5.5.2	CVE-2020-15366
bl 4.0.2	CVE-2020-8244
debug-js/debug 2.2.0	CVE-2017-16137
follow-redirects 1.7.0	CVE-2022-0155 CVE-2022-0536
hosted-git-info 2.7.1	CVE-2021-23362
jszip 3.2.2	CVE-2021-21366 CVE-2021-32796
micromatch/braces 1.8.5	CVE-2018-1109
mikaelbr/node-notifier 5.2.1	CVE-2020-7789
node-fetch 2.6.0	CVE-2020-15168 CVE-2022-0235
Passport.js 0.3.2	CVE-2022-25896
randomatic 1.1.7	CVE-2017-16028
stringstream 0.0.5	CVE-2018-21270
undefsafe 2.0.2	CVE-2019-10795
xmldom 0.1.27	CVE-2021-21366 CVE-2021-32796
yargs-parser 2.4.1	CVE-2020-7608
Chownr 1.0.1	CVE-2017-18869

PPDM AppAgents

Third Party Component	CVEs	More Information
SQLite 3.38.1 SQLite 3.39.4	CVE-2022-35737 CVE-2022-46908	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
Zlib 1.2.11	CVE-2022-37434 CVE-2018-25032
Libxml 2.9.14	CVE-2022-40304 CVE-2022-40303
Libcurl 7.86	CVE-2022-43551 CVE-2022-43552

Operating System Components CVE Details:

Third Party Component	CVEs	More Information
libpython3_6m1_0=3.6.15-32.2 python36-base=3.6.15-32.2 python36=3.6.15-32.2	CVE-2022-37454	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
bind-utils=9.11.22-3.43.1 libbind9-161=9.11.22-3.43.1 libdns1110=9.11.22-3.43.1 libirs161=9.11.22-3.43.1 libisc1107=9.11.22-3.43.1 libisccc161=9.11.22-3.43.1 libisccfg163=9.11.22-3.43.1 liblwres161=9.11.22-3.43.1 python-bind=9.11.22-3.43.1	CVE-2022-2795 CVE-2022-38177 CVE-2022-38178
tar-lang=1.27.1-15.18.1 tar=1.27.1-15.18.1	CVE-2022-48303
samba-client-libs=4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-python3=4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs=4.15.13+git.534.0d9f8ece26-3.77.1	CVE-2021-20251 CVE-2022-38023
libtirpc-netconfig=1.0.1-17.24.1 libtirpc3=1.0.1-17.24.1	CVE-2021-46828
dbus-1-x11=1.8.22-41.1 dbus-1=1.8.22-41.1 libdbus-1-3=1.8.22-41.1	CVE-2022-42010
libopenssl1_0_0=1.0.2p-3.64.1 libopenssl1_1=1.1.1d-2.75.1 openssl-1_0_0=1.0.2p-3.64.1	CVE-2023-0286
libsqlite3-0=3.39.3-9.26.1 sqlite3-tcl=3.39.3-9.26.1	CVE-2022-46908
libmspack0=0.4-15.13.1	CVE-2018-18586
glibc-i18ndata=2.22-114.22.1 glibc-locale=2.22-114.22.1 glibc=2.22-114.22.1	CVE-2015-8985
emacs-info=24.3-25.9.1 emacs-nox=24.3-25.9.1 emacs=24.3-25.9.1 etags=24.3-25.9.1	CVE-2022-45939
git-core=2.26.2-27.66.1	CVE-2023-22490
grub2-i386-pc=2.02-156.1 grub2-snapper-plugin=2.02-156.1 grub2-systemd-sleep-plugin=2.02-156.1 grub2=2.02-156.1	CVE-2022-2601 CVE-2022-3775
expat=2.1.0-21.28.1 libexpat1=2.1.0-21.28.1	CVE-2022-43680
libxml2-2=2.9.4-46.59.2 libxml2-tools=2.9.4-46.59.2	CVE-2022-40303
python3-setuptools=40.6.2-4.21.1 python36-setuptools=44.1.1-8.6.1	CVE-2022-40897
libpython3_4m1_0=3.4.10-25.105.1 python3-base=3.4.10-25.105.1	CVE-2022-40899
w3m=0.5.3.git20161120-161.6.1	CVE-2022-38223
containerd=1.6.12-16.68.1	CVE-2022-23471 CVE-2022-27191
libX11-6=1.6.2-12.24.1 libX11-data=1.6.2-12.24.1	CVE-2022-3554 CVE-2022-3555
libsnmp30=5.7.3-11.6.1 net-snmp=5.7.3-11.6.1 perl-SNMP=5.7.3-11.6.1 snmp-mibs=5.7.3-11.6.1	CVE-2022-44793
vim-data-common=9.0.1234-17.12.1 vim-data=9.0.1234-17.12.1 vim=9.0.1234-17.12.1	CVE-2021-3928 CVE-2022-3234 CVE-2022-3235 CVE-2022-3324 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433
rpm=4.11.2-16.26.1	CVE-2021-20271 CVE-2021-3421
java-11-openjdk-headless=11.0.18.0-3.52.1	CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843
libfreebl3-hmac=3.79.4-58.94.1 libfreebl3=3.79.4-58.94.1 libsoftokn3-hmac=3.79.4-58.94.1 libsoftokn3=3.79.4-58.94.1 mozilla-nss-certs=3.79.4-58.94.1 mozilla-nss=3.79.4-58.94.1	CVE-2022-23491 CVE-2022-3479 CVE-2023-0767
krb5=1.12.5-40.46.1	CVE-2022-42898
sudo=1.8.27-4.33.1	CVE-2023-22809
libpython2_7-1_0=2.7.18-33.17.1 python-base=2.7.18-33.17.1 python-xml=2.7.18-33.17.1 python3=3.4.10-25.105.1	CVE-2022-45061
libksba8=1.3.0-24.6.1	CVE-2022-47629
curl=7.60.0-11.55.1 libcurl4=7.60.0-11.55.1	CVE-2023-23916
libsystemd0=228-157.49.1 libudev1=228-157.49.1 systemd-bash-completion=228-157.49.1 systemd-sysvinit=228-157.49.1 systemd=228-157.49.1 udev=228-157.49.1	CVE-2022-4415
ucode-intel=20230214-3.49.1	CVE-2022-21216 CVE-2022-33196 CVE-2022-38090
libtasn1-6=4.9-3.13.1 libtasn1=4.9-3.13.1	CVE-2021-46848
python3-py=1.8.1-11.15.2	CVE-2020-29651 CVE-2022-42969
kernel-default=4.12.14-122.147.1	CVE-2023-23454
libdb-4_8=4.8.30-33.1	CVE-2019-2708
dhcp-client=4.3.3-10.28.1 dhcp=4.3.3-10.28.1	CVE-2022-2928 CVE-2022-2929
kpartx=0.7.9+232+suse.cbc3754-3.14.1	CVE-2022-41973
libpq5=15.2-3.6.1 postgresql14-server=14.7-3.20.1 postgresql14=14.7-3.20.1	CVE-2022-41862

PPDM Core

Third Party Component	CVEs	More Information
jettison-1.1/jettison-1.4 Jettison - Json Stax implementation1.1	CVE-2022-40149 CVE-2022-40150	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
XStream1.4.19	CVE-2022-40151 CVE-2022-40152 CVE-2022-41966
snakeyaml-1.30	CVE-2022-25857
jackson-databind2.13.4	CVE-2022-42003
Apache Commons JXPath1.3	CVE-2022-41852 CVE-2022-40159 CVE-2022-40157 CVE-2022-40160 CVE-2022-40161 CVE-2022-40158
Apache Commons Text1.9	CVE-2022-42889
Spring Security5.7.4	CVE-2022-31692 CVE-2022-31690
PostgreSQL JDBC Driver (pgjdbc)42.4.2	CVE-2022-41946
zip4j 2.10.0/zip4j 2.11.2	CVE-2023-22899

PPDM-UI

Third-Party Component	CVEs	More Information
engine io 6.2.0	CVE-2022-41940	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
glob-parent 5.1.2	CVE-2020-28469
jszip 3.7.1	CVE-2022-48285
minimatch 3.0.4	CVE-2022-3517
qs 6.5.2	CVE-2022-24999
sindresorhus/got 9.6.0	CVE-2021-33502
socket io-parser 4.0.4	CVE-2022-2421
terser 5.11.0	CVE-2022-25858

PPDM Cloud Disaster Recovery

Third Party Component	CVEs	More Information
Spring Security 5.5.7	CVE-2022-31690	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
jackson-databind 2.13.4	CVE-2022-42003
spring_framework_version 5.3.23	CVE-2016-1000027
snake_yaml_version 1.31	CVE-2022-41854 CVE-2022-38752
jettison_version 1.5.1	CVE-2022-45693 CVE-2022-45685
hsql 2.6.1	CVE-2022-41853

PPDM Kubernetes cProxy

Third Party Component	CVEs	More Information
curl <v7.88.0	CVE-2023-23916	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
GNU Tar 1.27.1-15.15.1	CVE-2022-48303

PPDM Native Reporting

Third Party Component	CVEs	More Information
Apache POI 2.5.1/Apache POI 3.10-beta2	CVE-2017-12626 CVE-2019-12415 CVE-2016-5000 CVE-2022-26336 CVE-2017-5644 CVE-2012-0213 CVE-2014-9527 CVE-2014-3574 CVE-2014-3529	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
BeanShell 2.0b4	CVE-2016-2510
Jsoup 1.7.3	CVE-2021-37714 CVE-2022-36033 CVE-2015-6748
libplexus-utils 2.0.5/ libplexus-utils 1.5.15	CVE-2017-1000487
Maven Shared Utils 0.1 Maven Shared Utils 0.4 Maven Shared Utils 0.7	CVE-2022-29599
XMLBeans 2.3.0	CVE-2021-23926

Cloud Snapshot Manager

Third Party Component	CVEs	More Information
cryptiles 3.1.2	CVE-2018-1000620	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
deep-extend 0.4.2	CVE-2018-3750
extend 3.0.1	CVE-2018-16492 CVE-2018-16492
Handlebars.js 4.0.11	CVE-2021-23369 CVE-2021-23383 CVE-2019-19919
json-schema 0.2.3	CVE-2021-3918
knex 0.14.6	CVE-2019-10757 CVE-2019-10757
Lodash 4.17.10	CVE-2019-10744 CVE-2021-23337
minimist 1.2.0	CVE-2021-44906
mixin-deep 1.3.1	CVE-2019-10746
set-value 0.4.3	CVE-2021-23440 CVE-2019-10747
y18n 4.0.0	CVE-2020-7774
yeikos/js.merge 1.2.0	CVE-2020-28499
ansi-regex 4.1.0	CVE-2021-3807
Async 2.6.0	CVE-2021-43138
axios 0.18.1	CVE-2021-3749
dicer 0.2.5	CVE-2022-24434
dot-prop 4.2.0	CVE-2020-8116
doTJS v1.1.2	CVE-2020-8141
glob-parent 2.0.0	CVE-2020-28469
hueniverse/hawk 6.0.2	CVE-2022-29167
ini 1.3.5	CVE-2020-7788
kind-of 6.0.2	CVE-2019-20149
knowledgecode/date-and-time 0.11.1	CVE-2020-26289
moment/moment 2.24.0	CVE-2022-24785 CVE-2022-31129
node-forge 0.8.4	CVE-2022-24771 CVE-2022-24772 CVE-2020-7720
Nodemailerv 6.4.18	CVE-2021-23400
path-parse 1.0.5	CVE-2021-23343
pathval 1.1.0	CVE-2020-7751
redis 2.8.0	CVE-2021-29469
simple-getv 3.1.0	CVE-2022-0355
tar v4.4.10	CVE-2021-32803 CVE-2021-32804 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713
tmpl 1.0.4	CVE-2021-3777
Underscore.js 1.9.1	CVE-2021-23358
validator.js 9.4.1	CVE-2021-3765
ajv 5.5.2	CVE-2020-15366
bl 4.0.2	CVE-2020-8244
debug-js/debug 2.2.0	CVE-2017-16137
follow-redirects 1.7.0	CVE-2022-0155 CVE-2022-0536
hosted-git-info 2.7.1	CVE-2021-23362
jszip 3.2.2	CVE-2021-21366 CVE-2021-32796
micromatch/braces 1.8.5	CVE-2018-1109
mikaelbr/node-notifier 5.2.1	CVE-2020-7789
node-fetch 2.6.0	CVE-2020-15168 CVE-2022-0235
Passport.js 0.3.2	CVE-2022-25896
randomatic 1.1.7	CVE-2017-16028
stringstream 0.0.5	CVE-2018-21270
undefsafe 2.0.2	CVE-2019-10795
xmldom 0.1.27	CVE-2021-21366 CVE-2021-32796
yargs-parser 2.4.1	CVE-2020-7608
Chownr 1.0.1	CVE-2017-18869

PPDM AppAgents

Third Party Component	CVEs	More Information
SQLite 3.38.1 SQLite 3.39.4	CVE-2022-35737 CVE-2022-46908	See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE
Zlib 1.2.11	CVE-2022-37434 CVE-2018-25032
Libxml 2.9.14	CVE-2022-40304 CVE-2022-40303
Libcurl 7.86	CVE-2022-43551 CVE-2022-43552

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product	Affected Versions	Updated Version	Link to Update
Dell PowerProtect Data Manager	19.12 and earlier	19.13 and later	PPDM 19.13 drivers and downloads
Dell PowerProtect Data Manager Appliance (DM5500)	5.12	5.13	DM5500 5.13 Downloads

Product	Affected Versions	Updated Version	Link to Update
Dell PowerProtect Data Manager	19.12 and earlier	19.13 and later	PPDM 19.13 drivers and downloads
Dell PowerProtect Data Manager Appliance (DM5500)	5.12	5.13	DM5500 5.13 Downloads

Revision History

Revision	Date	Description
1.0	2023-04-03	Initial Release
2.0	2023-05-05	Added New Product Under "Affected Products and Remediation" Section

Related Information

Legal Information

Article Properties

Affected Product

PowerProtect Data Manager Appliance, PowerProtect Data Manager, Product Security Information

DSA-2023-127: Dell PowerProtect Data Manager Security Update for Multiple Security Vulnerabilities

Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type

Welcome

Welcome to Dell

DSA-2023-127: Dell PowerProtect Data Manager Security Update for Multiple Security Vulnerabilities

Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type