Article Number: 000215920
DSA-2023-262: Security Update for Dell PowerProtect Data Manager
Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
Critical
Details
Operating System Components CVE Details:
PPDM Core
PPDM Kubernetes cProxy:
PPDM-UI:
PPDM Cloud Disaster Recovery
PPDM Native Reporting
Cloud Snapshot Manager
PPDM Agents
| Third Party Component | CVEs | More Information |
|---|---|---|
| python3-cffi=1.11.5-5.19.1 | CVE-2023-23931 | CVE-2023-23931  |
| python3-cryptography=2.8-7.40.1 | CVE-2023-23931 | CVE-2023-23931 |
| libldap-2_4-2=2.4.41-22.19.1 | CVE-2023-2953 | CVE-2023-2953 |
| supportutils=3.0.11-95.54.1 | CVE-2022-45154 | CVE-2022-45154 |
| shadow=4.2.1-36.3.1 | CVE-2023-29383 | CVE-2023-29383 |
| libxslt-tools=1.1.28-17.15.1 libxslt1=1.1.28-17.15.1 |
CVE-2021-30560 | CVE-2021-30560 |
| libavahi-client3=0.6.32-32.18.1 libavahi-common3=0.6.32-32.18.1 |
CVE-2023-1981 | CVE-2023-1981 |
| libpq5=15.3-3.9.1 postgresql14-server=14.8-3.23.1 postgresql14=14.8-3.23.1 |
CVE-2023-2454, CVE-2023-2455 | CVE-2023-2454, CVE-2023-2455 |
| ucode-intel=20230512-3.52.1 | CVE-2022-33972 | CVE-2022-33972 |
| containerd=1.6.19-16.79.1 | CVE-2023-25153, CVE-2023-25173 | CVE-2023-25153, CVE-2023-25173 |
| vim-data-common=9.0.1386-17.15.4 vim-data=9.0.1386-17.15.4 vim=9.0.1386-17.15.4 |
CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175 | CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175 |
| kernel-default=4.12.14-122.159.1 | CVE-2022-43945, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2483, CVE-2023-30772 | CVE-2022-43945, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2483, CVE-2023-30772 |
| runc=1.1.5-16.31.1 | CVE-2023-25809, CVE-2023-27561, CVE-2023-28642 | CVE-2023-25809, CVE-2023-27561, CVE-2023-28642 |
| git-core=2.26.2-27.69.1 | CVE-2023-25652 | CVE-2023-25652 |
| java-11-openjdk-headless=11.0.19.0-3.58.2 | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938 | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938 |
| docker=20.10.23_ce-98.89.1 | CVE-2022-36109 | CVE-2022-36109 |
| libsystemd0=228-157.52.1 libudev1=228-157.52.1 systemd-bash-completion=228-157.52.1 systemd-sysvinit=228-157.52.1 systemd=228-157.52.1 udev=228-157.52.1 |
CVE-2023-26604 | CVE-2023-26604 |
| samba-client-libs=4.15.13+git.594.449ec4a79a1-3.80.1 samba-libs-python3=4.15.13+git.594.449ec4a79a1-3.80.1 samba-libs=4.15.13+git.594.449ec4a79a1-3.80.1 |
CVE-2023-0922 | CVE-2023-0922 |
| libpython3_4m1_0=3.4.10-25.111.1 python3-base=3.4.10-25.111.1 python3=3.4.10-25.111.1 |
CVE-2023-24329 | CVE-2023-24329 |
| libncurses5=5.9-81.1 libncurses6=5.9-81.1 ncurses-utils=5.9-81.1 terminfo-base=5.9-81.1 terminfo=5.9-81.1 |
CVE-2023-29491 | CVE-2023-29491 |
| libpython3_6m1_0=3.6.15-46.1 python36-base=3.6.15-46.1 python36=3.6.15-46.1 |
CVE-2007-4559 | CVE-2007-4559 |
| emacs-info=24.3-25.12.1 emacs-nox=24.3-25.12.1 emacs=24.3-25.12.1 etags=24.3-25.12.1 |
CVE-2022-48337, CVE-2022-48339 | CVE-2022-48337, CVE-2022-48339 |
| curl=8.0.1-11.65.2 libcurl4=8.0.1-11.65.2 |
CVE-2023-28319 | CVE-2023-28319 |
| cloud-init-config-suse=20.2-37.57.1 cloud-init=20.2-37.57.1 |
CVE-2023-1786 | CVE-2023-1786 |
| sudo=1.8.27-4.38.1 | CVE-2023-28486 | CVE-2023-28486 |
| libopenssl1_0_0=1.0.2p-3.75.1 libopenssl1_1=1.1.1d-2.84.1 openssl-1_0_0=1.0.2p-3.75.1 |
CVE-2023-2650 | CVE-2023-2650 |
| libharfbuzz0=1.4.5-8.3.1 | CVE-2023-25193 | CVE-2023-25193 |
| glib2-lang=2.48.2-12.34.1 glib2-tools=2.48.2-12.34.1 libgio-2_0-0=2.48.2-12.34.1 libglib-2_0-0=2.48.2-12.34.1 libgmodule-2_0-0=2.48.2-12.34.1 libgobject-2_0-0=2.48.2-12.34.1 |
CVE-2023-24593 | CVE-2023-24593 |
| libxml2-2=2.9.4-46.62.1 libxml2-tools=2.9.4-46.62.1 |
CVE-2023-29469 | CVE-2023-29469 |
| dmidecode=3.0-10.6.1 | CVE-2023-30630 | CVE-2023-30630 |
| ntp=4.2.8p15-100.1 | CVE-2023-26551 | CVE-2023-26551 |
| cups-libs=1.7.5-20.39.1 | CVE-2023-32324 | CVE-2023-32324 |
PPDM Core
| Third Party Component | CVEs | More Information |
|---|---|---|
| openapi-generator 6.2.1 | CVE-2023-27162 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Apache JAMES mime4j 0.7.2 | CVE-2022-45787 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SnakeYAML1.33 | CVE-2022-1471 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Spring Vault Core 2.3.2 | CVE-2023-20859 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| spring-security-oauth2-client 5.7.3 | CVE-2022-31690 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Elastic search 7.17.8 | CVE-2022-38777 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Xerial SQLite JDBC3.36.0.3 | CVE-2023-32697 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Kubernetes cProxy:
| Third Party Component | CVEs | More Information |
|---|---|---|
| powerprotect-k8s-controller | CVE-2023-29405, CVE-2023-29404, CVE-2023-29402, CVE-2023-24540, CVE-2023-24538, CVE-2023-29403, CVE-2023-26604, CVE-2023-24537, CVE-2023-24536, CVE-2023-24534, CVE-2022-41725, CVE-2022-41724, CVE-2022-41723, CVE-2022-41716, CVE-2022-41715, CVE-2022-2880, CVE-2022-2879, CVE-2023-29400, CVE-2023-24539, CVE-2022-41723, CVE-2022-27664, CVE-2023-28322, CVE-2023-29491, CVE-2023-2650, CVE-2022-27774, CVE-2023-2953, CVE-2023-29469, CVE-2023-28484, CVE-2023-28319, CVE-2023-0465, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-29383, CVE-2023-24532, CVE-2023-0464, CVE-2022-41717, CVE-2023-27534, CVE-2023-27533, CVE-2023-28321, CVE-2023-28320, CVE-2023-0466 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| powerprotect-cproxy | CVE-2023-29405 , CVE-2023-29404, CVE-2023-29402, CVE-2023-24540, CVE-2023-24538, CVE-2023-29403, CVE-2023-26604, CVE-2023-24537, CVE-2023-24536, CVE-2023-24534, CVE-2023-29400, CVE-2023-24539, CVE-2022-27191, CVE-2023-28322, CVE-2023-29491, CVE-2023-2650, CVE-2022-27774, CVE-2023-2953, CVE-2023-29469, CVE-2023-28484, CVE-2023-28319, CVE-2023-0465, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-29383, CVE-2023-24532, CVE-2023-0464, CVE-2023-27534, CVE-2023-27533, CVE-2023-28321, CVE-2023-28320, CVE-2023-0466 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| powerprotect-velero-dd | CVE-2023-29405, CVE-2023-29404CVE-2023-29402, CVE-2023-24540CVE-2023-24538, CVE-2023-29403CVE-2023-26604, CVE-2023-24537CVE-2023-24536, CVE-2023-24534CVE-2023-29400, CVE-2023-24539CVE-2022-41723, CVE-2022-27664CVE-2023-28322, CVE-2023-29491, CVE-2023-2650, CVE-2022-27774CVE-2023-2953, CVE-2023-29469CVE-2023-28484, CVE-2023-28319CVE-2023-0465, CVE-2023-27538CVE-2023-27536, CVE-2023-27535CVE-2023-29383, CVE-2023-24532CVE-2023-0464, CVE-2023-27534CVE-2023-27533, CVE-2023-28321CVE-2022-41717, CVE-2023-28320CVE-2023-0466 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM-UI:
| Third Party Component | CVEs | More Information |
|---|---|---|
| Webpack v5.74.0 | CVE-2023-28154 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| engine.io v6.2.1 | CVE-2023-31125 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Cloud Disaster Recovery
| Third Party Component | CVEs | More Information |
|---|---|---|
| Jettison - Json Stax implementation1.5.2 | CVE-2023-1436 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SnakeYaml 1.33 | CVE-2022-1471 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| json-smart2.4.8 | CVE-2023-1370 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SpringFramework 5.3.25 | CVE-2023-20860, CVE-2023-20861, CVE-2023-20863 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Native Reporting
| Third Party Component | CVEs | More Information |
|---|---|---|
| Apache Commons Compress 1.9 | CVE-2018-11771, CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| jackson-databind 2.13.2.2 | CVE-2022-42003, CVE-2022-42004 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| RESTEasy 3.0.11.Final | CVE-2016-6346 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
Cloud Snapshot Manager
| Third Party Component | CVEs | More Information |
|---|---|---|
| gopkg.in/golang/text.v0#v0.3.6 | CVE-2022-32149, CVE-2021-38561 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| github: golang/text:v0.3.5 | CVE-2021-38561, CVE-2021-38561 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Agents
| Third Party Component | CVEs | More Information |
|---|---|---|
| libxml2 2.9.14 | CVE-2022-40304, CVE-2022-40303, CVE-2023-29469, CVE-2023-28484 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Apache Commons Net 3.8.0 | CVE-2021-37533 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Apache Xerces2 J2.7.1 | CVE-2012-0881, CVE-2013-4002, CVE-2022-23437, CVE-2009-2625 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| GStreamer 0.10.35 | CVE-2016-9634, CVE-2016-9636, CVE-2016-9635, CVE-2019-9928, CVE-2022-1920, CVE-2022-1923, CVE-2022-1924, CVE-2022-2122, CVE-2022-1921, CVE-2022-1922, CVE-2021-3497, CVE-2016-9447, CVE-2016-9809, CVE-2022-1925, CVE-2017-5848, CVE-2017-5840, CVE-2016-10199, CVE-2016-9446, CVE-2017-5839, CVE-2017-5838, CVE-2016-9812, CVE-2017-5841, CVE-2017-5843, CVE-2017-5847, CVE-2016-9808, CVE-2017-5845, CVE-2015-0797, CVE-2016-10198, CVE-2021-3522, CVE-2017-5844, CVE-2016-9807, CVE-2017-5837, CVE-2017-5846, CVE-2016-9810, CVE-2016-9813, CVE-2017-5842, CVE-2016-9811 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Java Platform Standard Edition (JRE) (J2RE) 8u51 |
CVE-2015-4881, CVE-2015-4860, CVE-2015-4844, CVE-2015-4883, CVE-2015-4805, CVE-2015-4843, CVE-2015-4835, CVE-2015-4868, CVE-2015-4806, CVE-2015-4803, CVE-2015-4903, CVE-2015-4734, CVE-2015-4882, CVE-2015-4893, CVE-2015-4872, CVE-2015-4911, CVE-2015-4840, CVE-2015-4842 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| libjpeg 7 | CVE-2020-14152 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| libpng 1.6.16 | CVE-2017-12652, CVE-2016-3751, CVE-2015-8126, CVE-2016-10087, CVE-2015-8472, CVE-2019-7317 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| PCRE 8.00 | CVE-2015-8389, CVE-2015-8386, CVE-2015-8390, CVE-2015-8394, CVE-2015-8391, CVE-2016-3191, CVE-2015-8383, CVE-2015-5073, CVE-2015-2325, CVE-2015-8393, CVE-2019-20838, CVE-2015-8381, CVE-2017-6004, CVE-2015-8380, CVE-2015-8395, CVE-2015-8392, CVE-2015-2327, CVE-2015-2328, CVE-2015-8388, CVE-2015-8384, CVE-2015-8385, CVE-2015-8387, CVE-2015-2326, CVE-2020-14155, CVE-2014-8964 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SQLite 3.7.16.2 | CVE-2015-5895, CVE-2019-8457, CVE-2020-11656, CVE-2019-19646, CVE-2017-10989, CVE-2018-20346, CVE-2018-20506, CVE-2015-3414, CVE-2015-3416, CVE-2018-20505, CVE-2022-35737, CVE-2018-8740, CVE-2020-11655, CVE-2015-3415, CVE-2015-3717, CVE-2020-13630, CVE-2015-6607, CVE-2020-13435, CVE-2019-19645, CVE-2020-15358, CVE-2020-13631, CVE-2020-13434, CVE-2020-13632, CVE-2016-6153 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| zlib 1.2.8 | CVE-2016-9841, CVE-2022-37434, CVE-2016-9843, CVE-2016-9842, CVE-2016-9840, CVE-2018-25032 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| curl 7.87.0 | CVE-2023-23914, CVE-2023-27534, CVE-2023-27533, CVE-2023-27535, CVE-2023-28319, CVE-2023-23915, CVE-2023-23916, CVE-2023-27536, CVE-2023-28320, CVE-2023-28321, CVE-2023-27538, CVE-2023-28322 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| libxml2 2.10.3 | CVE-2023-28484, CVE-2023-29469 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
Operating System Components CVE Details:
PPDM Core
PPDM Kubernetes cProxy:
PPDM-UI:
PPDM Cloud Disaster Recovery
PPDM Native Reporting
Cloud Snapshot Manager
PPDM Agents
| Third Party Component | CVEs | More Information |
|---|---|---|
| python3-cffi=1.11.5-5.19.1 | CVE-2023-23931 | CVE-2023-23931 |
| python3-cryptography=2.8-7.40.1 | CVE-2023-23931 | CVE-2023-23931 |
| libldap-2_4-2=2.4.41-22.19.1 | CVE-2023-2953 | CVE-2023-2953 |
| supportutils=3.0.11-95.54.1 | CVE-2022-45154 | CVE-2022-45154 |
| shadow=4.2.1-36.3.1 | CVE-2023-29383 | CVE-2023-29383 |
| libxslt-tools=1.1.28-17.15.1 libxslt1=1.1.28-17.15.1 |
CVE-2021-30560 | CVE-2021-30560 |
| libavahi-client3=0.6.32-32.18.1 libavahi-common3=0.6.32-32.18.1 |
CVE-2023-1981 | CVE-2023-1981 |
| libpq5=15.3-3.9.1 postgresql14-server=14.8-3.23.1 postgresql14=14.8-3.23.1 |
CVE-2023-2454, CVE-2023-2455 | CVE-2023-2454, CVE-2023-2455 |
| ucode-intel=20230512-3.52.1 | CVE-2022-33972 | CVE-2022-33972 |
| containerd=1.6.19-16.79.1 | CVE-2023-25153, CVE-2023-25173 | CVE-2023-25153, CVE-2023-25173 |
| vim-data-common=9.0.1386-17.15.4 vim-data=9.0.1386-17.15.4 vim=9.0.1386-17.15.4 |
CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175 | CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175 |
| kernel-default=4.12.14-122.159.1 | CVE-2022-43945, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2483, CVE-2023-30772 | CVE-2022-43945, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2483, CVE-2023-30772 |
| runc=1.1.5-16.31.1 | CVE-2023-25809, CVE-2023-27561, CVE-2023-28642 | CVE-2023-25809, CVE-2023-27561, CVE-2023-28642 |
| git-core=2.26.2-27.69.1 | CVE-2023-25652 | CVE-2023-25652 |
| java-11-openjdk-headless=11.0.19.0-3.58.2 | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938 | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938 |
| docker=20.10.23_ce-98.89.1 | CVE-2022-36109 | CVE-2022-36109 |
| libsystemd0=228-157.52.1 libudev1=228-157.52.1 systemd-bash-completion=228-157.52.1 systemd-sysvinit=228-157.52.1 systemd=228-157.52.1 udev=228-157.52.1 |
CVE-2023-26604 | CVE-2023-26604 |
| samba-client-libs=4.15.13+git.594.449ec4a79a1-3.80.1 samba-libs-python3=4.15.13+git.594.449ec4a79a1-3.80.1 samba-libs=4.15.13+git.594.449ec4a79a1-3.80.1 |
CVE-2023-0922 | CVE-2023-0922 |
| libpython3_4m1_0=3.4.10-25.111.1 python3-base=3.4.10-25.111.1 python3=3.4.10-25.111.1 |
CVE-2023-24329 | CVE-2023-24329 |
| libncurses5=5.9-81.1 libncurses6=5.9-81.1 ncurses-utils=5.9-81.1 terminfo-base=5.9-81.1 terminfo=5.9-81.1 |
CVE-2023-29491 | CVE-2023-29491 |
| libpython3_6m1_0=3.6.15-46.1 python36-base=3.6.15-46.1 python36=3.6.15-46.1 |
CVE-2007-4559 | CVE-2007-4559 |
| emacs-info=24.3-25.12.1 emacs-nox=24.3-25.12.1 emacs=24.3-25.12.1 etags=24.3-25.12.1 |
CVE-2022-48337, CVE-2022-48339 | CVE-2022-48337, CVE-2022-48339 |
| curl=8.0.1-11.65.2 libcurl4=8.0.1-11.65.2 |
CVE-2023-28319 | CVE-2023-28319 |
| cloud-init-config-suse=20.2-37.57.1 cloud-init=20.2-37.57.1 |
CVE-2023-1786 | CVE-2023-1786 |
| sudo=1.8.27-4.38.1 | CVE-2023-28486 | CVE-2023-28486 |
| libopenssl1_0_0=1.0.2p-3.75.1 libopenssl1_1=1.1.1d-2.84.1 openssl-1_0_0=1.0.2p-3.75.1 |
CVE-2023-2650 | CVE-2023-2650 |
| libharfbuzz0=1.4.5-8.3.1 | CVE-2023-25193 | CVE-2023-25193 |
| glib2-lang=2.48.2-12.34.1 glib2-tools=2.48.2-12.34.1 libgio-2_0-0=2.48.2-12.34.1 libglib-2_0-0=2.48.2-12.34.1 libgmodule-2_0-0=2.48.2-12.34.1 libgobject-2_0-0=2.48.2-12.34.1 |
CVE-2023-24593 | CVE-2023-24593 |
| libxml2-2=2.9.4-46.62.1 libxml2-tools=2.9.4-46.62.1 |
CVE-2023-29469 | CVE-2023-29469 |
| dmidecode=3.0-10.6.1 | CVE-2023-30630 | CVE-2023-30630 |
| ntp=4.2.8p15-100.1 | CVE-2023-26551 | CVE-2023-26551 |
| cups-libs=1.7.5-20.39.1 | CVE-2023-32324 | CVE-2023-32324 |
PPDM Core
| Third Party Component | CVEs | More Information |
|---|---|---|
| openapi-generator 6.2.1 | CVE-2023-27162 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Apache JAMES mime4j 0.7.2 | CVE-2022-45787 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SnakeYAML1.33 | CVE-2022-1471 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Spring Vault Core 2.3.2 | CVE-2023-20859 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| spring-security-oauth2-client 5.7.3 | CVE-2022-31690 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Elastic search 7.17.8 | CVE-2022-38777 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Xerial SQLite JDBC3.36.0.3 | CVE-2023-32697 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Kubernetes cProxy:
| Third Party Component | CVEs | More Information |
|---|---|---|
| powerprotect-k8s-controller | CVE-2023-29405, CVE-2023-29404, CVE-2023-29402, CVE-2023-24540, CVE-2023-24538, CVE-2023-29403, CVE-2023-26604, CVE-2023-24537, CVE-2023-24536, CVE-2023-24534, CVE-2022-41725, CVE-2022-41724, CVE-2022-41723, CVE-2022-41716, CVE-2022-41715, CVE-2022-2880, CVE-2022-2879, CVE-2023-29400, CVE-2023-24539, CVE-2022-41723, CVE-2022-27664, CVE-2023-28322, CVE-2023-29491, CVE-2023-2650, CVE-2022-27774, CVE-2023-2953, CVE-2023-29469, CVE-2023-28484, CVE-2023-28319, CVE-2023-0465, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-29383, CVE-2023-24532, CVE-2023-0464, CVE-2022-41717, CVE-2023-27534, CVE-2023-27533, CVE-2023-28321, CVE-2023-28320, CVE-2023-0466 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| powerprotect-cproxy | CVE-2023-29405 , CVE-2023-29404, CVE-2023-29402, CVE-2023-24540, CVE-2023-24538, CVE-2023-29403, CVE-2023-26604, CVE-2023-24537, CVE-2023-24536, CVE-2023-24534, CVE-2023-29400, CVE-2023-24539, CVE-2022-27191, CVE-2023-28322, CVE-2023-29491, CVE-2023-2650, CVE-2022-27774, CVE-2023-2953, CVE-2023-29469, CVE-2023-28484, CVE-2023-28319, CVE-2023-0465, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-29383, CVE-2023-24532, CVE-2023-0464, CVE-2023-27534, CVE-2023-27533, CVE-2023-28321, CVE-2023-28320, CVE-2023-0466 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| powerprotect-velero-dd | CVE-2023-29405, CVE-2023-29404CVE-2023-29402, CVE-2023-24540CVE-2023-24538, CVE-2023-29403CVE-2023-26604, CVE-2023-24537CVE-2023-24536, CVE-2023-24534CVE-2023-29400, CVE-2023-24539CVE-2022-41723, CVE-2022-27664CVE-2023-28322, CVE-2023-29491, CVE-2023-2650, CVE-2022-27774CVE-2023-2953, CVE-2023-29469CVE-2023-28484, CVE-2023-28319CVE-2023-0465, CVE-2023-27538CVE-2023-27536, CVE-2023-27535CVE-2023-29383, CVE-2023-24532CVE-2023-0464, CVE-2023-27534CVE-2023-27533, CVE-2023-28321CVE-2022-41717, CVE-2023-28320CVE-2023-0466 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM-UI:
| Third Party Component | CVEs | More Information |
|---|---|---|
| Webpack v5.74.0 | CVE-2023-28154 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| engine.io v6.2.1 | CVE-2023-31125 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Cloud Disaster Recovery
| Third Party Component | CVEs | More Information |
|---|---|---|
| Jettison - Json Stax implementation1.5.2 | CVE-2023-1436 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SnakeYaml 1.33 | CVE-2022-1471 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| json-smart2.4.8 | CVE-2023-1370 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SpringFramework 5.3.25 | CVE-2023-20860, CVE-2023-20861, CVE-2023-20863 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Native Reporting
| Third Party Component | CVEs | More Information |
|---|---|---|
| Apache Commons Compress 1.9 | CVE-2018-11771, CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| jackson-databind 2.13.2.2 | CVE-2022-42003, CVE-2022-42004 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| RESTEasy 3.0.11.Final | CVE-2016-6346 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
Cloud Snapshot Manager
| Third Party Component | CVEs | More Information |
|---|---|---|
| gopkg.in/golang/text.v0#v0.3.6 | CVE-2022-32149, CVE-2021-38561 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| github: golang/text:v0.3.5 | CVE-2021-38561, CVE-2021-38561 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Agents
| Third Party Component | CVEs | More Information |
|---|---|---|
| libxml2 2.9.14 | CVE-2022-40304, CVE-2022-40303, CVE-2023-29469, CVE-2023-28484 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Apache Commons Net 3.8.0 | CVE-2021-37533 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Apache Xerces2 J2.7.1 | CVE-2012-0881, CVE-2013-4002, CVE-2022-23437, CVE-2009-2625 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| GStreamer 0.10.35 | CVE-2016-9634, CVE-2016-9636, CVE-2016-9635, CVE-2019-9928, CVE-2022-1920, CVE-2022-1923, CVE-2022-1924, CVE-2022-2122, CVE-2022-1921, CVE-2022-1922, CVE-2021-3497, CVE-2016-9447, CVE-2016-9809, CVE-2022-1925, CVE-2017-5848, CVE-2017-5840, CVE-2016-10199, CVE-2016-9446, CVE-2017-5839, CVE-2017-5838, CVE-2016-9812, CVE-2017-5841, CVE-2017-5843, CVE-2017-5847, CVE-2016-9808, CVE-2017-5845, CVE-2015-0797, CVE-2016-10198, CVE-2021-3522, CVE-2017-5844, CVE-2016-9807, CVE-2017-5837, CVE-2017-5846, CVE-2016-9810, CVE-2016-9813, CVE-2017-5842, CVE-2016-9811 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Java Platform Standard Edition (JRE) (J2RE) 8u51 |
CVE-2015-4881, CVE-2015-4860, CVE-2015-4844, CVE-2015-4883, CVE-2015-4805, CVE-2015-4843, CVE-2015-4835, CVE-2015-4868, CVE-2015-4806, CVE-2015-4803, CVE-2015-4903, CVE-2015-4734, CVE-2015-4882, CVE-2015-4893, CVE-2015-4872, CVE-2015-4911, CVE-2015-4840, CVE-2015-4842 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| libjpeg 7 | CVE-2020-14152 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| libpng 1.6.16 | CVE-2017-12652, CVE-2016-3751, CVE-2015-8126, CVE-2016-10087, CVE-2015-8472, CVE-2019-7317 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| PCRE 8.00 | CVE-2015-8389, CVE-2015-8386, CVE-2015-8390, CVE-2015-8394, CVE-2015-8391, CVE-2016-3191, CVE-2015-8383, CVE-2015-5073, CVE-2015-2325, CVE-2015-8393, CVE-2019-20838, CVE-2015-8381, CVE-2017-6004, CVE-2015-8380, CVE-2015-8395, CVE-2015-8392, CVE-2015-2327, CVE-2015-2328, CVE-2015-8388, CVE-2015-8384, CVE-2015-8385, CVE-2015-8387, CVE-2015-2326, CVE-2020-14155, CVE-2014-8964 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SQLite 3.7.16.2 | CVE-2015-5895, CVE-2019-8457, CVE-2020-11656, CVE-2019-19646, CVE-2017-10989, CVE-2018-20346, CVE-2018-20506, CVE-2015-3414, CVE-2015-3416, CVE-2018-20505, CVE-2022-35737, CVE-2018-8740, CVE-2020-11655, CVE-2015-3415, CVE-2015-3717, CVE-2020-13630, CVE-2015-6607, CVE-2020-13435, CVE-2019-19645, CVE-2020-15358, CVE-2020-13631, CVE-2020-13434, CVE-2020-13632, CVE-2016-6153 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| zlib 1.2.8 | CVE-2016-9841, CVE-2022-37434, CVE-2016-9843, CVE-2016-9842, CVE-2016-9840, CVE-2018-25032 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| curl 7.87.0 | CVE-2023-23914, CVE-2023-27534, CVE-2023-27533, CVE-2023-27535, CVE-2023-28319, CVE-2023-23915, CVE-2023-23916, CVE-2023-27536, CVE-2023-28320, CVE-2023-28321, CVE-2023-27538, CVE-2023-28322 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| libxml2 2.10.3 | CVE-2023-28484, CVE-2023-29469 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
Affected Products and Remediation
| Product | Affected Versions | Remediated Versions | Link to Update | |
|---|---|---|---|---|
| Dell PowerProtect Data Manager | 19.13 and prior | 19.14 and later | PPDM 19.14 drivers and downloads |
|
| Product | Affected Versions | Remediated Versions | Link to Update | |
|---|---|---|---|---|
| Dell PowerProtect Data Manager | 19.13 and prior | 19.14 and later | PPDM 19.14 drivers and downloads |
|
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-07-19 | Initial Release |
Related Information
Legal Information
Article Properties
Affected Product
PowerProtect Data Manager Software
Last Published Date
19 Jul 2023
Version
2
Article Type
Dell Security Advisory