DSA-2023-262: Security Update for Dell PowerProtect Data Manager
Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
Operating System Components CVE Details:
PPDM Core
PPDM Kubernetes cProxy:
PPDM-UI:
PPDM Cloud Disaster Recovery
PPDM Native Reporting
Cloud Snapshot Manager
PPDM Agents
| Third Party Component | CVEs | More Information |
|---|---|---|
| python3-cffi=1.11.5-5.19.1 | CVE-2023-23931 | CVE-2023-23931  |
| python3-cryptography=2.8-7.40.1 | CVE-2023-23931 | CVE-2023-23931 |
| libldap-2_4-2=2.4.41-22.19.1 | CVE-2023-2953 | CVE-2023-2953 |
| supportutils=3.0.11-95.54.1 | CVE-2022-45154 | CVE-2022-45154 |
| shadow=4.2.1-36.3.1 | CVE-2023-29383 | CVE-2023-29383 |
| libxslt-tools=1.1.28-17.15.1 libxslt1=1.1.28-17.15.1 |
CVE-2021-30560 | CVE-2021-30560 |
| libavahi-client3=0.6.32-32.18.1 libavahi-common3=0.6.32-32.18.1 |
CVE-2023-1981 | CVE-2023-1981 |
| libpq5=15.3-3.9.1 postgresql14-server=14.8-3.23.1 postgresql14=14.8-3.23.1 |
CVE-2023-2454, CVE-2023-2455 | CVE-2023-2454, CVE-2023-2455 |
| ucode-intel=20230512-3.52.1 | CVE-2022-33972 | CVE-2022-33972 |
| containerd=1.6.19-16.79.1 | CVE-2023-25153, CVE-2023-25173 | CVE-2023-25153, CVE-2023-25173 |
| vim-data-common=9.0.1386-17.15.4 vim-data=9.0.1386-17.15.4 vim=9.0.1386-17.15.4 |
CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175 | CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175 |
| kernel-default=4.12.14-122.159.1 | CVE-2022-43945, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2483, CVE-2023-30772 | CVE-2022-43945, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2483, CVE-2023-30772 |
| runc=1.1.5-16.31.1 | CVE-2023-25809, CVE-2023-27561, CVE-2023-28642 | CVE-2023-25809, CVE-2023-27561, CVE-2023-28642 |
| git-core=2.26.2-27.69.1 | CVE-2023-25652 | CVE-2023-25652 |
| java-11-openjdk-headless=11.0.19.0-3.58.2 | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938 | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938 |
| docker=20.10.23_ce-98.89.1 | CVE-2022-36109 | CVE-2022-36109 |
| libsystemd0=228-157.52.1 libudev1=228-157.52.1 systemd-bash-completion=228-157.52.1 systemd-sysvinit=228-157.52.1 systemd=228-157.52.1 udev=228-157.52.1 |
CVE-2023-26604 | CVE-2023-26604 |
| samba-client-libs=4.15.13+git.594.449ec4a79a1-3.80.1 samba-libs-python3=4.15.13+git.594.449ec4a79a1-3.80.1 samba-libs=4.15.13+git.594.449ec4a79a1-3.80.1 |
CVE-2023-0922 | CVE-2023-0922 |
| libpython3_4m1_0=3.4.10-25.111.1 python3-base=3.4.10-25.111.1 python3=3.4.10-25.111.1 |
CVE-2023-24329 | CVE-2023-24329 |
| libncurses5=5.9-81.1 libncurses6=5.9-81.1 ncurses-utils=5.9-81.1 terminfo-base=5.9-81.1 terminfo=5.9-81.1 |
CVE-2023-29491 | CVE-2023-29491 |
| libpython3_6m1_0=3.6.15-46.1 python36-base=3.6.15-46.1 python36=3.6.15-46.1 |
CVE-2007-4559 | CVE-2007-4559 |
| emacs-info=24.3-25.12.1 emacs-nox=24.3-25.12.1 emacs=24.3-25.12.1 etags=24.3-25.12.1 |
CVE-2022-48337, CVE-2022-48339 | CVE-2022-48337, CVE-2022-48339 |
| curl=8.0.1-11.65.2 libcurl4=8.0.1-11.65.2 |
CVE-2023-28319 | CVE-2023-28319 |
| cloud-init-config-suse=20.2-37.57.1 cloud-init=20.2-37.57.1 |
CVE-2023-1786 | CVE-2023-1786 |
| sudo=1.8.27-4.38.1 | CVE-2023-28486 | CVE-2023-28486 |
| libopenssl1_0_0=1.0.2p-3.75.1 libopenssl1_1=1.1.1d-2.84.1 openssl-1_0_0=1.0.2p-3.75.1 |
CVE-2023-2650 | CVE-2023-2650 |
| libharfbuzz0=1.4.5-8.3.1 | CVE-2023-25193 | CVE-2023-25193 |
| glib2-lang=2.48.2-12.34.1 glib2-tools=2.48.2-12.34.1 libgio-2_0-0=2.48.2-12.34.1 libglib-2_0-0=2.48.2-12.34.1 libgmodule-2_0-0=2.48.2-12.34.1 libgobject-2_0-0=2.48.2-12.34.1 |
CVE-2023-24593 | CVE-2023-24593 |
| libxml2-2=2.9.4-46.62.1 libxml2-tools=2.9.4-46.62.1 |
CVE-2023-29469 | CVE-2023-29469 |
| dmidecode=3.0-10.6.1 | CVE-2023-30630 | CVE-2023-30630 |
| ntp=4.2.8p15-100.1 | CVE-2023-26551 | CVE-2023-26551 |
| cups-libs=1.7.5-20.39.1 | CVE-2023-32324 | CVE-2023-32324 |
PPDM Core
| Third Party Component | CVEs | More Information |
|---|---|---|
| openapi-generator 6.2.1 | CVE-2023-27162 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Apache JAMES mime4j 0.7.2 | CVE-2022-45787 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SnakeYAML1.33 | CVE-2022-1471 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Spring Vault Core 2.3.2 | CVE-2023-20859 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| spring-security-oauth2-client 5.7.3 | CVE-2022-31690 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Elastic search 7.17.8 | CVE-2022-38777 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Xerial SQLite JDBC3.36.0.3 | CVE-2023-32697 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Kubernetes cProxy:
| Third Party Component | CVEs | More Information |
|---|---|---|
| powerprotect-k8s-controller | CVE-2023-29405, CVE-2023-29404, CVE-2023-29402, CVE-2023-24540, CVE-2023-24538, CVE-2023-29403, CVE-2023-26604, CVE-2023-24537, CVE-2023-24536, CVE-2023-24534, CVE-2022-41725, CVE-2022-41724, CVE-2022-41723, CVE-2022-41716, CVE-2022-41715, CVE-2022-2880, CVE-2022-2879, CVE-2023-29400, CVE-2023-24539, CVE-2022-41723, CVE-2022-27664, CVE-2023-28322, CVE-2023-29491, CVE-2023-2650, CVE-2022-27774, CVE-2023-2953, CVE-2023-29469, CVE-2023-28484, CVE-2023-28319, CVE-2023-0465, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-29383, CVE-2023-24532, CVE-2023-0464, CVE-2022-41717, CVE-2023-27534, CVE-2023-27533, CVE-2023-28321, CVE-2023-28320, CVE-2023-0466 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| powerprotect-cproxy | CVE-2023-29405 , CVE-2023-29404, CVE-2023-29402, CVE-2023-24540, CVE-2023-24538, CVE-2023-29403, CVE-2023-26604, CVE-2023-24537, CVE-2023-24536, CVE-2023-24534, CVE-2023-29400, CVE-2023-24539, CVE-2022-27191, CVE-2023-28322, CVE-2023-29491, CVE-2023-2650, CVE-2022-27774, CVE-2023-2953, CVE-2023-29469, CVE-2023-28484, CVE-2023-28319, CVE-2023-0465, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-29383, CVE-2023-24532, CVE-2023-0464, CVE-2023-27534, CVE-2023-27533, CVE-2023-28321, CVE-2023-28320, CVE-2023-0466 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| powerprotect-velero-dd | CVE-2023-29405, CVE-2023-29404CVE-2023-29402, CVE-2023-24540CVE-2023-24538, CVE-2023-29403CVE-2023-26604, CVE-2023-24537CVE-2023-24536, CVE-2023-24534CVE-2023-29400, CVE-2023-24539CVE-2022-41723, CVE-2022-27664CVE-2023-28322, CVE-2023-29491, CVE-2023-2650, CVE-2022-27774CVE-2023-2953, CVE-2023-29469CVE-2023-28484, CVE-2023-28319CVE-2023-0465, CVE-2023-27538CVE-2023-27536, CVE-2023-27535CVE-2023-29383, CVE-2023-24532CVE-2023-0464, CVE-2023-27534CVE-2023-27533, CVE-2023-28321CVE-2022-41717, CVE-2023-28320CVE-2023-0466 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM-UI:
| Third Party Component | CVEs | More Information |
|---|---|---|
| Webpack v5.74.0 | CVE-2023-28154 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| engine.io v6.2.1 | CVE-2023-31125 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Cloud Disaster Recovery
| Third Party Component | CVEs | More Information |
|---|---|---|
| Jettison - Json Stax implementation1.5.2 | CVE-2023-1436 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SnakeYaml 1.33 | CVE-2022-1471 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| json-smart2.4.8 | CVE-2023-1370 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SpringFramework 5.3.25 | CVE-2023-20860, CVE-2023-20861, CVE-2023-20863 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Native Reporting
| Third Party Component | CVEs | More Information |
|---|---|---|
| Apache Commons Compress 1.9 | CVE-2018-11771, CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| jackson-databind 2.13.2.2 | CVE-2022-42003, CVE-2022-42004 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| RESTEasy 3.0.11.Final | CVE-2016-6346 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
Cloud Snapshot Manager
| Third Party Component | CVEs | More Information |
|---|---|---|
| gopkg.in/golang/text.v0#v0.3.6 | CVE-2022-32149, CVE-2021-38561 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| github: golang/text:v0.3.5 | CVE-2021-38561, CVE-2021-38561 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Agents
| Third Party Component | CVEs | More Information |
|---|---|---|
| libxml2 2.9.14 | CVE-2022-40304, CVE-2022-40303, CVE-2023-29469, CVE-2023-28484 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Apache Commons Net 3.8.0 | CVE-2021-37533 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Apache Xerces2 J2.7.1 | CVE-2012-0881, CVE-2013-4002, CVE-2022-23437, CVE-2009-2625 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| GStreamer 0.10.35 | CVE-2016-9634, CVE-2016-9636, CVE-2016-9635, CVE-2019-9928, CVE-2022-1920, CVE-2022-1923, CVE-2022-1924, CVE-2022-2122, CVE-2022-1921, CVE-2022-1922, CVE-2021-3497, CVE-2016-9447, CVE-2016-9809, CVE-2022-1925, CVE-2017-5848, CVE-2017-5840, CVE-2016-10199, CVE-2016-9446, CVE-2017-5839, CVE-2017-5838, CVE-2016-9812, CVE-2017-5841, CVE-2017-5843, CVE-2017-5847, CVE-2016-9808, CVE-2017-5845, CVE-2015-0797, CVE-2016-10198, CVE-2021-3522, CVE-2017-5844, CVE-2016-9807, CVE-2017-5837, CVE-2017-5846, CVE-2016-9810, CVE-2016-9813, CVE-2017-5842, CVE-2016-9811 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Java Platform Standard Edition (JRE) (J2RE) 8u51 |
CVE-2015-4881, CVE-2015-4860, CVE-2015-4844, CVE-2015-4883, CVE-2015-4805, CVE-2015-4843, CVE-2015-4835, CVE-2015-4868, CVE-2015-4806, CVE-2015-4803, CVE-2015-4903, CVE-2015-4734, CVE-2015-4882, CVE-2015-4893, CVE-2015-4872, CVE-2015-4911, CVE-2015-4840, CVE-2015-4842 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| libjpeg 7 | CVE-2020-14152 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| libpng 1.6.16 | CVE-2017-12652, CVE-2016-3751, CVE-2015-8126, CVE-2016-10087, CVE-2015-8472, CVE-2019-7317 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| PCRE 8.00 | CVE-2015-8389, CVE-2015-8386, CVE-2015-8390, CVE-2015-8394, CVE-2015-8391, CVE-2016-3191, CVE-2015-8383, CVE-2015-5073, CVE-2015-2325, CVE-2015-8393, CVE-2019-20838, CVE-2015-8381, CVE-2017-6004, CVE-2015-8380, CVE-2015-8395, CVE-2015-8392, CVE-2015-2327, CVE-2015-2328, CVE-2015-8388, CVE-2015-8384, CVE-2015-8385, CVE-2015-8387, CVE-2015-2326, CVE-2020-14155, CVE-2014-8964 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SQLite 3.7.16.2 | CVE-2015-5895, CVE-2019-8457, CVE-2020-11656, CVE-2019-19646, CVE-2017-10989, CVE-2018-20346, CVE-2018-20506, CVE-2015-3414, CVE-2015-3416, CVE-2018-20505, CVE-2022-35737, CVE-2018-8740, CVE-2020-11655, CVE-2015-3415, CVE-2015-3717, CVE-2020-13630, CVE-2015-6607, CVE-2020-13435, CVE-2019-19645, CVE-2020-15358, CVE-2020-13631, CVE-2020-13434, CVE-2020-13632, CVE-2016-6153 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| zlib 1.2.8 | CVE-2016-9841, CVE-2022-37434, CVE-2016-9843, CVE-2016-9842, CVE-2016-9840, CVE-2018-25032 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| curl 7.87.0 | CVE-2023-23914, CVE-2023-27534, CVE-2023-27533, CVE-2023-27535, CVE-2023-28319, CVE-2023-23915, CVE-2023-23916, CVE-2023-27536, CVE-2023-28320, CVE-2023-28321, CVE-2023-27538, CVE-2023-28322 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| libxml2 2.10.3 | CVE-2023-28484, CVE-2023-29469 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
Operating System Components CVE Details:
PPDM Core
PPDM Kubernetes cProxy:
PPDM-UI:
PPDM Cloud Disaster Recovery
PPDM Native Reporting
Cloud Snapshot Manager
PPDM Agents
| Third Party Component | CVEs | More Information |
|---|---|---|
| python3-cffi=1.11.5-5.19.1 | CVE-2023-23931 | CVE-2023-23931 |
| python3-cryptography=2.8-7.40.1 | CVE-2023-23931 | CVE-2023-23931 |
| libldap-2_4-2=2.4.41-22.19.1 | CVE-2023-2953 | CVE-2023-2953 |
| supportutils=3.0.11-95.54.1 | CVE-2022-45154 | CVE-2022-45154 |
| shadow=4.2.1-36.3.1 | CVE-2023-29383 | CVE-2023-29383 |
| libxslt-tools=1.1.28-17.15.1 libxslt1=1.1.28-17.15.1 |
CVE-2021-30560 | CVE-2021-30560 |
| libavahi-client3=0.6.32-32.18.1 libavahi-common3=0.6.32-32.18.1 |
CVE-2023-1981 | CVE-2023-1981 |
| libpq5=15.3-3.9.1 postgresql14-server=14.8-3.23.1 postgresql14=14.8-3.23.1 |
CVE-2023-2454, CVE-2023-2455 | CVE-2023-2454, CVE-2023-2455 |
| ucode-intel=20230512-3.52.1 | CVE-2022-33972 | CVE-2022-33972 |
| containerd=1.6.19-16.79.1 | CVE-2023-25153, CVE-2023-25173 | CVE-2023-25153, CVE-2023-25173 |
| vim-data-common=9.0.1386-17.15.4 vim-data=9.0.1386-17.15.4 vim=9.0.1386-17.15.4 |
CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175 | CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175 |
| kernel-default=4.12.14-122.159.1 | CVE-2022-43945, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2483, CVE-2023-30772 | CVE-2022-43945, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2483, CVE-2023-30772 |
| runc=1.1.5-16.31.1 | CVE-2023-25809, CVE-2023-27561, CVE-2023-28642 | CVE-2023-25809, CVE-2023-27561, CVE-2023-28642 |
| git-core=2.26.2-27.69.1 | CVE-2023-25652 | CVE-2023-25652 |
| java-11-openjdk-headless=11.0.19.0-3.58.2 | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938 | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938 |
| docker=20.10.23_ce-98.89.1 | CVE-2022-36109 | CVE-2022-36109 |
| libsystemd0=228-157.52.1 libudev1=228-157.52.1 systemd-bash-completion=228-157.52.1 systemd-sysvinit=228-157.52.1 systemd=228-157.52.1 udev=228-157.52.1 |
CVE-2023-26604 | CVE-2023-26604 |
| samba-client-libs=4.15.13+git.594.449ec4a79a1-3.80.1 samba-libs-python3=4.15.13+git.594.449ec4a79a1-3.80.1 samba-libs=4.15.13+git.594.449ec4a79a1-3.80.1 |
CVE-2023-0922 | CVE-2023-0922 |
| libpython3_4m1_0=3.4.10-25.111.1 python3-base=3.4.10-25.111.1 python3=3.4.10-25.111.1 |
CVE-2023-24329 | CVE-2023-24329 |
| libncurses5=5.9-81.1 libncurses6=5.9-81.1 ncurses-utils=5.9-81.1 terminfo-base=5.9-81.1 terminfo=5.9-81.1 |
CVE-2023-29491 | CVE-2023-29491 |
| libpython3_6m1_0=3.6.15-46.1 python36-base=3.6.15-46.1 python36=3.6.15-46.1 |
CVE-2007-4559 | CVE-2007-4559 |
| emacs-info=24.3-25.12.1 emacs-nox=24.3-25.12.1 emacs=24.3-25.12.1 etags=24.3-25.12.1 |
CVE-2022-48337, CVE-2022-48339 | CVE-2022-48337, CVE-2022-48339 |
| curl=8.0.1-11.65.2 libcurl4=8.0.1-11.65.2 |
CVE-2023-28319 | CVE-2023-28319 |
| cloud-init-config-suse=20.2-37.57.1 cloud-init=20.2-37.57.1 |
CVE-2023-1786 | CVE-2023-1786 |
| sudo=1.8.27-4.38.1 | CVE-2023-28486 | CVE-2023-28486 |
| libopenssl1_0_0=1.0.2p-3.75.1 libopenssl1_1=1.1.1d-2.84.1 openssl-1_0_0=1.0.2p-3.75.1 |
CVE-2023-2650 | CVE-2023-2650 |
| libharfbuzz0=1.4.5-8.3.1 | CVE-2023-25193 | CVE-2023-25193 |
| glib2-lang=2.48.2-12.34.1 glib2-tools=2.48.2-12.34.1 libgio-2_0-0=2.48.2-12.34.1 libglib-2_0-0=2.48.2-12.34.1 libgmodule-2_0-0=2.48.2-12.34.1 libgobject-2_0-0=2.48.2-12.34.1 |
CVE-2023-24593 | CVE-2023-24593 |
| libxml2-2=2.9.4-46.62.1 libxml2-tools=2.9.4-46.62.1 |
CVE-2023-29469 | CVE-2023-29469 |
| dmidecode=3.0-10.6.1 | CVE-2023-30630 | CVE-2023-30630 |
| ntp=4.2.8p15-100.1 | CVE-2023-26551 | CVE-2023-26551 |
| cups-libs=1.7.5-20.39.1 | CVE-2023-32324 | CVE-2023-32324 |
PPDM Core
| Third Party Component | CVEs | More Information |
|---|---|---|
| openapi-generator 6.2.1 | CVE-2023-27162 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Apache JAMES mime4j 0.7.2 | CVE-2022-45787 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SnakeYAML1.33 | CVE-2022-1471 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Spring Vault Core 2.3.2 | CVE-2023-20859 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| spring-security-oauth2-client 5.7.3 | CVE-2022-31690 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Elastic search 7.17.8 | CVE-2022-38777 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Xerial SQLite JDBC3.36.0.3 | CVE-2023-32697 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Kubernetes cProxy:
| Third Party Component | CVEs | More Information |
|---|---|---|
| powerprotect-k8s-controller | CVE-2023-29405, CVE-2023-29404, CVE-2023-29402, CVE-2023-24540, CVE-2023-24538, CVE-2023-29403, CVE-2023-26604, CVE-2023-24537, CVE-2023-24536, CVE-2023-24534, CVE-2022-41725, CVE-2022-41724, CVE-2022-41723, CVE-2022-41716, CVE-2022-41715, CVE-2022-2880, CVE-2022-2879, CVE-2023-29400, CVE-2023-24539, CVE-2022-41723, CVE-2022-27664, CVE-2023-28322, CVE-2023-29491, CVE-2023-2650, CVE-2022-27774, CVE-2023-2953, CVE-2023-29469, CVE-2023-28484, CVE-2023-28319, CVE-2023-0465, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-29383, CVE-2023-24532, CVE-2023-0464, CVE-2022-41717, CVE-2023-27534, CVE-2023-27533, CVE-2023-28321, CVE-2023-28320, CVE-2023-0466 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| powerprotect-cproxy | CVE-2023-29405 , CVE-2023-29404, CVE-2023-29402, CVE-2023-24540, CVE-2023-24538, CVE-2023-29403, CVE-2023-26604, CVE-2023-24537, CVE-2023-24536, CVE-2023-24534, CVE-2023-29400, CVE-2023-24539, CVE-2022-27191, CVE-2023-28322, CVE-2023-29491, CVE-2023-2650, CVE-2022-27774, CVE-2023-2953, CVE-2023-29469, CVE-2023-28484, CVE-2023-28319, CVE-2023-0465, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-29383, CVE-2023-24532, CVE-2023-0464, CVE-2023-27534, CVE-2023-27533, CVE-2023-28321, CVE-2023-28320, CVE-2023-0466 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| powerprotect-velero-dd | CVE-2023-29405, CVE-2023-29404CVE-2023-29402, CVE-2023-24540CVE-2023-24538, CVE-2023-29403CVE-2023-26604, CVE-2023-24537CVE-2023-24536, CVE-2023-24534CVE-2023-29400, CVE-2023-24539CVE-2022-41723, CVE-2022-27664CVE-2023-28322, CVE-2023-29491, CVE-2023-2650, CVE-2022-27774CVE-2023-2953, CVE-2023-29469CVE-2023-28484, CVE-2023-28319CVE-2023-0465, CVE-2023-27538CVE-2023-27536, CVE-2023-27535CVE-2023-29383, CVE-2023-24532CVE-2023-0464, CVE-2023-27534CVE-2023-27533, CVE-2023-28321CVE-2022-41717, CVE-2023-28320CVE-2023-0466 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM-UI:
| Third Party Component | CVEs | More Information |
|---|---|---|
| Webpack v5.74.0 | CVE-2023-28154 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| engine.io v6.2.1 | CVE-2023-31125 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Cloud Disaster Recovery
| Third Party Component | CVEs | More Information |
|---|---|---|
| Jettison - Json Stax implementation1.5.2 | CVE-2023-1436 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SnakeYaml 1.33 | CVE-2022-1471 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| json-smart2.4.8 | CVE-2023-1370 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SpringFramework 5.3.25 | CVE-2023-20860, CVE-2023-20861, CVE-2023-20863 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Native Reporting
| Third Party Component | CVEs | More Information |
|---|---|---|
| Apache Commons Compress 1.9 | CVE-2018-11771, CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| jackson-databind 2.13.2.2 | CVE-2022-42003, CVE-2022-42004 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| RESTEasy 3.0.11.Final | CVE-2016-6346 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
Cloud Snapshot Manager
| Third Party Component | CVEs | More Information |
|---|---|---|
| gopkg.in/golang/text.v0#v0.3.6 | CVE-2022-32149, CVE-2021-38561 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| github: golang/text:v0.3.5 | CVE-2021-38561, CVE-2021-38561 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
PPDM Agents
| Third Party Component | CVEs | More Information |
|---|---|---|
| libxml2 2.9.14 | CVE-2022-40304, CVE-2022-40303, CVE-2023-29469, CVE-2023-28484 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Apache Commons Net 3.8.0 | CVE-2021-37533 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Apache Xerces2 J2.7.1 | CVE-2012-0881, CVE-2013-4002, CVE-2022-23437, CVE-2009-2625 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| GStreamer 0.10.35 | CVE-2016-9634, CVE-2016-9636, CVE-2016-9635, CVE-2019-9928, CVE-2022-1920, CVE-2022-1923, CVE-2022-1924, CVE-2022-2122, CVE-2022-1921, CVE-2022-1922, CVE-2021-3497, CVE-2016-9447, CVE-2016-9809, CVE-2022-1925, CVE-2017-5848, CVE-2017-5840, CVE-2016-10199, CVE-2016-9446, CVE-2017-5839, CVE-2017-5838, CVE-2016-9812, CVE-2017-5841, CVE-2017-5843, CVE-2017-5847, CVE-2016-9808, CVE-2017-5845, CVE-2015-0797, CVE-2016-10198, CVE-2021-3522, CVE-2017-5844, CVE-2016-9807, CVE-2017-5837, CVE-2017-5846, CVE-2016-9810, CVE-2016-9813, CVE-2017-5842, CVE-2016-9811 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| Java Platform Standard Edition (JRE) (J2RE) 8u51 |
CVE-2015-4881, CVE-2015-4860, CVE-2015-4844, CVE-2015-4883, CVE-2015-4805, CVE-2015-4843, CVE-2015-4835, CVE-2015-4868, CVE-2015-4806, CVE-2015-4803, CVE-2015-4903, CVE-2015-4734, CVE-2015-4882, CVE-2015-4893, CVE-2015-4872, CVE-2015-4911, CVE-2015-4840, CVE-2015-4842 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| libjpeg 7 | CVE-2020-14152 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| libpng 1.6.16 | CVE-2017-12652, CVE-2016-3751, CVE-2015-8126, CVE-2016-10087, CVE-2015-8472, CVE-2019-7317 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| PCRE 8.00 | CVE-2015-8389, CVE-2015-8386, CVE-2015-8390, CVE-2015-8394, CVE-2015-8391, CVE-2016-3191, CVE-2015-8383, CVE-2015-5073, CVE-2015-2325, CVE-2015-8393, CVE-2019-20838, CVE-2015-8381, CVE-2017-6004, CVE-2015-8380, CVE-2015-8395, CVE-2015-8392, CVE-2015-2327, CVE-2015-2328, CVE-2015-8388, CVE-2015-8384, CVE-2015-8385, CVE-2015-8387, CVE-2015-2326, CVE-2020-14155, CVE-2014-8964 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| SQLite 3.7.16.2 | CVE-2015-5895, CVE-2019-8457, CVE-2020-11656, CVE-2019-19646, CVE-2017-10989, CVE-2018-20346, CVE-2018-20506, CVE-2015-3414, CVE-2015-3416, CVE-2018-20505, CVE-2022-35737, CVE-2018-8740, CVE-2020-11655, CVE-2015-3415, CVE-2015-3717, CVE-2020-13630, CVE-2015-6607, CVE-2020-13435, CVE-2019-19645, CVE-2020-15358, CVE-2020-13631, CVE-2020-13434, CVE-2020-13632, CVE-2016-6153 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| zlib 1.2.8 | CVE-2016-9841, CVE-2022-37434, CVE-2016-9843, CVE-2016-9842, CVE-2016-9840, CVE-2018-25032 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| curl 7.87.0 | CVE-2023-23914, CVE-2023-27534, CVE-2023-27533, CVE-2023-27535, CVE-2023-28319, CVE-2023-23915, CVE-2023-23916, CVE-2023-27536, CVE-2023-28320, CVE-2023-28321, CVE-2023-27538, CVE-2023-28322 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
| libxml2 2.10.3 | CVE-2023-28484, CVE-2023-29469 | See NVD link for individual scores for each CVE http://nvd.nist.gov/ |
Affected Products & Remediation
| Product | Affected Versions | Remediated Versions | Link to Update | |
|---|---|---|---|---|
| Dell PowerProtect Data Manager | 19.13 and prior | 19.14 and later | PPDM 19.14 drivers and downloads |
|
| Product | Affected Versions | Remediated Versions | Link to Update | |
|---|---|---|---|---|
| Dell PowerProtect Data Manager | 19.13 and prior | 19.14 and later | PPDM 19.14 drivers and downloads |
|
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-07-19 | Initial Release |
| 2.0 | 2025-09-11 | Updating the artice URL |
Related Information
Legal Disclaimer
Affected Products
PowerProtect Data Manager SoftwareArticle Properties
Article Number: 000215920
Article Type: Dell Security Advisory
Last Modified: 11 Sept 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.