DSA-2023-389: Security Update for Dell Technologies PowerProtect DataDomain Vulnerabilities

Summary: Dell Technologies PowerProtect DataDomain remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third-party Component CVEs More Information
Apache CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Postgres CVE-2023-0215, CVE-2022-41862 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Linux CVE-2023-26545, CVE-2023-26242, CVE-2023-25012, CVE-2023-23559, CVE-2023-23455, CVE-2023-23454, CVE-2023-22998, CVE-2023-0615, CVE-2023-0469, CVE-2023-0468, CVE-2023-0394, CVE-2023-0266, CVE-2023-0240, CVE-2022-47929, CVE-2022-47521, CVE-2022-47520, CVE-2022-47519, CVE-2022-47518, CVE-2022-4662, CVE-2022-45934, CVE-2022-45919, CVE-2022-45888, CVE-2022-45887, CVE-2022-45886, CVE-2022-45885, CVE-2022-45884 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
rsyslog CVE-2022-24903 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
p11-kit CVE-2020-29362 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
PCRE2 CVE-2022-1586 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
containerd, docker CVE-2022-23648, CVE-2022-24769, CVE-2022-27191, CVE-2021-43565, CVE-2021-41190, CVE-2022-23648, CVE-2022-27191, CVE-2022-23471, CVE-2022-31030, CVE-2022-29162, CVE-2021-41190, CVE-2021-41103, CVE-2021-41092, CVE-2021-41091, CVE-2021-41089, CVE-2022-36109 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Runc CVE-2023-28642, CVE-2023-27561, CVE-2023-25809 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Unzip CVE-2022-0529, CVE-2022-0530 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
udisks2 CVE-2022-21233 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Libtasb1 CVE-2021-46848 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Bind CVE-2022-2795, CVE-2022-38177, CVE-2022-38178 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2023-24329, CVE-2022-40899, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2022-40304, CVE-2022-40303, CVE-2022-29824, CVE-2022-23308, CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2022-40304, CVE-2022-40303 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2023-0464, CVE-2023-0465, CVE-2023-0466 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Java CVE-2022-31129, CVE-2021-23337 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
c-ares CVE-2020-8277, CVE-2021-3672 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Certifi CVE-2022-23491 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Curl CVE-2023-23916, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-27534, CVE-2023-27533 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Systemd CVE-2023-26604 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Tar CVE-2022-48303 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Libxslt CVE-2021-30560 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
glib2 CVE-2023-24593, CVE-2023-25180 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Libpq5 CVE-2022-41862 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2021-23337  PowerProtect DD DDOS, DDMC, and SmartScale.


 		 Versions 7.0 through 7.11
 		 Versions 7.12.0.0 or later, or
7.10.1.10 or later to stay on LTS2023 7.10,
or
7.7.5.20 or later to stay on LTS2022 7.7		  For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454, CVE-2021-23337 PowerProtect DD DDOS, DDMC



 		 Versions prior to 6.2.1.100 Versions 6.2.1.120 or later  
CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 PowerProtect DD DDOS, DDMC


 		 Versions 7.0 through 7.11 Versions 7.12.0.0 or later, or 
7.10.1.10 or later to stay on LTS2023 7.10, 
or
7.7.5.20 or later to stay on LTS2022 7.7		 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2023-0215, CVE-2022-41862, CVE-2023-26545, CVE-2023-26242, CVE-2023-25012, CVE-2023-23559, CVE-2023-23455, CVE-2023-23454, CVE-2023-22998, CVE-2023-0615, CVE-2023-0469, CVE-2023-0468, CVE-2023-0394, CVE-2023-0266, CVE-2023-0240, CVE-2022-47929, CVE-2022-47521, CVE-2022-47520, CVE-2022-47519, CVE-2022-47518, CVE-2022-4662, CVE-2022-45934, CVE-2022-45919, CVE-2022-45888, CVE-2022-45887, CVE-2022-45886, CVE-2022-45885, CVE-2022-45884, CVE-2022-24903, CVE-2020-29362, CVE-2022-1586, CVE-2022-23648, CVE-2022-24769, CVE-2022-27191, CVE-2021-43565, CVE-2021-41190, CVE-2022-23648, CVE-2022-27191, CVE-2022-23471, CVE-2022-31030,CVE-2022-29162, CVE-2021-41190, CVE-2021-41103, CVE-2021-41092, CVE-2021-41091, CVE-2021-41089, CVE-2022-36109, CVE-2023-28642, CVE-2023-27561, CVE-2023-25809, CVE-2022-0529, CVE-2022-0530, CVE-2022-21233, CVE-2021-46848, CVE-2022-2795, CVE-2022-38177, CVE-2022-38178, CVE-2023-24329,CVE-2022-40899, CVE-2022-40304, CVE-2022-40303, CVE-2022-29824, CVE-2022-23308, CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2022-40304, CVE-2022-40303, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2022-23491, CVE-2023-23916, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-27534, CVE-2023-27533, CVE-2023-26604, CVE-2022-48303, CVE-2021-30560, CVE-2023-24593, CVE-2023-25180, CVE-2022-41862 PowerProtect DD SmartScale


 		 Versions 7.8 through 7.11 Versions 7.12.0.0 or later, or
7.10.1.10 or later to stay on LTS2023 7.10		 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2021-23337, CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454, CVE-2021-23337, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 PowerProtect DP Series Appliance (IDPA) Versions prior to 2.7.4 Version 2.7.6 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 

Dell KB articles 
IDPA : Allowed Point Product Upgrades
Procedure to upgrade DataDomainOS
CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2021-23337  PowerProtect DD DDOS, DDMC, and SmartScale.


 		 Versions 7.0 through 7.11
 		 Versions 7.12.0.0 or later, or
7.10.1.10 or later to stay on LTS2023 7.10,
or
7.7.5.20 or later to stay on LTS2022 7.7		  For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454, CVE-2021-23337 PowerProtect DD DDOS, DDMC



 		 Versions prior to 6.2.1.100 Versions 6.2.1.120 or later  
CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 PowerProtect DD DDOS, DDMC


 		 Versions 7.0 through 7.11 Versions 7.12.0.0 or later, or 
7.10.1.10 or later to stay on LTS2023 7.10, 
or
7.7.5.20 or later to stay on LTS2022 7.7		 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2023-0215, CVE-2022-41862, CVE-2023-26545, CVE-2023-26242, CVE-2023-25012, CVE-2023-23559, CVE-2023-23455, CVE-2023-23454, CVE-2023-22998, CVE-2023-0615, CVE-2023-0469, CVE-2023-0468, CVE-2023-0394, CVE-2023-0266, CVE-2023-0240, CVE-2022-47929, CVE-2022-47521, CVE-2022-47520, CVE-2022-47519, CVE-2022-47518, CVE-2022-4662, CVE-2022-45934, CVE-2022-45919, CVE-2022-45888, CVE-2022-45887, CVE-2022-45886, CVE-2022-45885, CVE-2022-45884, CVE-2022-24903, CVE-2020-29362, CVE-2022-1586, CVE-2022-23648, CVE-2022-24769, CVE-2022-27191, CVE-2021-43565, CVE-2021-41190, CVE-2022-23648, CVE-2022-27191, CVE-2022-23471, CVE-2022-31030,CVE-2022-29162, CVE-2021-41190, CVE-2021-41103, CVE-2021-41092, CVE-2021-41091, CVE-2021-41089, CVE-2022-36109, CVE-2023-28642, CVE-2023-27561, CVE-2023-25809, CVE-2022-0529, CVE-2022-0530, CVE-2022-21233, CVE-2021-46848, CVE-2022-2795, CVE-2022-38177, CVE-2022-38178, CVE-2023-24329,CVE-2022-40899, CVE-2022-40304, CVE-2022-40303, CVE-2022-29824, CVE-2022-23308, CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2022-40304, CVE-2022-40303, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2022-23491, CVE-2023-23916, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-27534, CVE-2023-27533, CVE-2023-26604, CVE-2022-48303, CVE-2021-30560, CVE-2023-24593, CVE-2023-25180, CVE-2022-41862 PowerProtect DD SmartScale


 		 Versions 7.8 through 7.11 Versions 7.12.0.0 or later, or
7.10.1.10 or later to stay on LTS2023 7.10		 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2021-23337, CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454, CVE-2021-23337, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 PowerProtect DP Series Appliance (IDPA) Versions prior to 2.7.4 Version 2.7.6 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 

Dell KB articles 
IDPA : Allowed Point Product Upgrades
Procedure to upgrade DataDomainOS
Highest CVSS score of affected CVEs is Critical 9.8 from CVE-2022-28331, CVE-2022-24963, CVE-2022-24963, CVE-2022-36760, CVE-2022-31813, CVE-2022-28615, CVE-2022-37454, CVE-2023-25690, CVE-2022-1586, CVE-2021-46848

Revision History

RevisionDateDescription
1.02023-10-16Initial Release
2.02023-10-20Added CVE-2021-23337 in Java section of Third-Party Components.  
Added CVE-2021-23337 to the Affected Products and Remediation Table for PowerProtect DD DDOS, DDMC, and SmartScale Affected Versions 7.0 to 7.11 and PowerProtect DD DDOS, DDMC version 6.2.1.100
Updated Affected Product section under Article Properties
Combined 6.2.1.100 CVE's to one line in the Affected Products and Remediation table
Removed "SmartScale" from PowerProtect DD DDOS and DDMC for Version 6.2.1.100
 
3.02023-10-30Cosmetic update: Combined the Third-Party Component "Python" into one row in the Third-Party Components Table
4.02023-11-20Added Under Affect Products and Remedition table - Product PowerProtect DP Series (IDPA) with the CVE's addressed, Affected Version, Remediated Version, and Link
5.02024-01-24Updated the Third Party Component Table for Product PowerProtect DP Series Appliance (IDPA) by updating the Remediated Version from Versions 2.7.2, 2.7.3, 2.7.4, with 7.7.5.20 patch to Version 2.7.6
6.02024-04-25Updated Affected Products and Remediation section: Updated Remediated version for Versions prior to 6.2.1.100

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Data Domain, PowerProtect Data Protection Appliance, DD OS 7.0, DD OS 7.1, DD OS 7.10, DD OS 7.11, DD OS 7.2, DD OS 7.3, DD OS 7.4, DD OS 7.5, DD OS 7.6, DD OS 7.7, DD OS 7.8, DD OS 7.9, PowerProtect Data Domain Management Center , PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software ...
Article Properties
Article Number: 000218619
Article Type: Dell Security Advisory
Last Modified: 25 Apr 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.