Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000220651

DSA-2023-416: Security Update for Dell PowerProtect DP Series Appliance (IDPA) Infrastructure for Multiple Vulnerabilities.

Summary: Dell PowerProtect DP Series Appliance (IDPA) remediation is available for multiple security vulnerabilities in Infrastructure that could be exploited by malicious users to compromise the affected system. ...

Article Content

Impact

Critical

Details

Third-party Component

CVEs

More Information

VMWare (Hypervisor and Hypervisor Manager) 

CVE-2023-38408, CVE-2021-36368, CVE-2023-20892, CVE-2023-20893, CVE-2023-2089 , CVE-2023-20895, CVE-2023-20896, CVE-2022-22982, CVE-2022-31696, CVE-2022-31699, CVE-2021-21972, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373, CVE-2022-31681, CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050, CVE-2022-22948, CVE-2023-34048, CVE-2023-34056, CVE-2023-20894 

See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

Dell iDRAC 

CVE-2022-34435 

DSA-2022-265

OpenSSL

CVE-2023-0215, CVE-2022-2068, CVE-2022-1292 

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Oracle Java 

CVE-2023-21835, CVE-2023-21830, CVE-2023-21843, CVE-2022-39399, CVE-2022-34169, CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-21624, CVE-2022-21619, CVE-2022-21541, CVE-2022-21540, CVE-2022-21549, CVE‑2022‑39399, CVE‑2022‑34169, CVE‑2022‑21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-21624, CVE-2022-21619, CVE-2022-21541, CVE-2022-21540, CVE-2022-21549

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

OpenLDAP

CVE-1999-0385 

https://nvd.nist.gov/vuln/detail/CVE-1999-0385 This hyperlink is taking you to a website outside of Dell Technologies.

OpenSSH

CVE-2008-5161 

https://www.suse.com/security/cve/CVE-2008-5161.htmlThis hyperlink is taking you to a website outside of Dell Technologies.

Apache Tomcat 

CVE-2022-45143, CVE-2022-42252, CVE-2022-34305, CVE-2022-29885, CVE-2021-43980, CVE-2021-30640 

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

Grub2 

CVE-2022-2601, CVE-2022-3775, CVE-2021-3695, CVE-2021- 3696, CVE-2021-3697, CVE-2021-3981 

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Apache Log4j 

CVE-2021-44228, CVE-2021-45046 

Apache Log4j Remote Code ExecutionThis hyperlink is taking you to a website outside of Dell Technologies.

Erlang 

CVE-2022-37026 

https://nvd.nist.gov/vuln/detail/CVE-2022-37026This hyperlink is taking you to a website outside of Dell Technologies.

SUSE 

CVE-2022-0413, CVE-2022-0318, CVE-2021-4019, CVE-2022-2284, CVE-2022-0361, CVE-2022-1679, CVE-2020-0452, CVE-2022-1652, CVE-2022-1619, CVE-2022-0492, CVE-2022-0359, CVE-2017-17095, CVE-2022-24903, CVE-2022-2207, CVE-2022-1927, CVE-2022-2304, CVE-2021-4197, CVE-2022-27239, CVE-2022-1304, CVE-2022-2129, CVE-2022-2264, CVE-2022-29155, CVE-2022-2124, CVE-2022-0261, CVE-2022-1851, CVE-2022-2126, CVE-2022-2183, CVE-2022-1720, CVE-2021-4157, CVE-2022-2344, CVE-2020-35523, CVE-2021-3927, CVE-2022-2175, CVE-2021-4069, CVE-2021-4192, CVE-2022-23219, CVE-2021-4136, CVE-2021-4202, CVE-2022-0407, CVE-2022-1381, CVE-2022-0213, CVE-2021-30560, CVE-2021-3778, CVE-2022-2210, CVE-2022-0435, CVE-2022-2257, CVE-2022-1898, CVE-2022-2206, CVE-2021-43527, CVE-2022-25235, CVE-2022-23218, CVE-2021-20292, CVE-2022-20141, CVE-2022-0128, CVE-2022-0847, CVE-2021-3973, CVE-2021-3796, CVE-2022-2286, CVE-2022-1796, CVE-2022-1968, CVE-2022-1735, CVE-2021-3984, CVE-2021-3968, CVE-2022-1048, CVE-2021-39713, CVE-2021-4083, CVE-2020-35524, CVE-2022-2182, CVE-2021-45078, CVE-2022-2343, CVE-2022-2345, CVE-2022-1897, CVE-2021-0920, CVE-2022-2125, CVE-2022-0392, CVE-2022-25315, CVE-2022-25236, CVE-2022-23852, CVE-2022-24407, CVE-2022-2285, CVE-2019-17546, CVE-2021-3872, CVE-2021-0935, CVE-2021-3974, CVE-2022-1616, CVE-2022-2795, CVE-2022-38177, CVE-2023-38545, CVE-2023-38546

See SUSE link below for individual scores for each CVE. 
https://www.suse.com/security/cve/This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product

Affected Versions

Remediated Versions 

Link 

Integrated Data Protection Appliance (PowerProtect DP Series)

2.7.4 and prior 

2.7.6 

https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers

Product

Affected Versions

Remediated Versions 

Link 

Integrated Data Protection Appliance (PowerProtect DP Series)

2.7.4 and prior 

2.7.6 

https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers
Link to PowerProtect DP Series Installation and Upgrade guide 
Dell EMC PowerProtect DP Series Appliance 2.7.6 Installation and Upgrade Guide 
 
NOTE: IDPA versions prior to 2.7.6 use an obsolete Operating System for ACM and DPA components. IDPA 2.7.6 has updated the Operating Systems of ACM and DPA components to a supported version.

Revision History

RevisionDateDescription
1.02023-23-21Initial release
2.02024-01-09Moved Installation & Upgrade guide to Additional Information section.
3.02024-01-09Updated 'More Information' column for Dell iDRAC & Apache Log4j
4.0-5.02024-01-09Added CVE-2023-38545, CVE-2023-38546 to SUSE Component
6.02024-01-22Updated for enhanced presentation with no changes to content.
7.02024-03-08Added CVE-2023-20894 to VMWare (Hypervisor and Hypervisor Manager) Component

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

PowerProtect Data Protection Appliance, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software

Last Published Date

08 Mar 2024

Version

7

Article Type

Dell Security Advisory

Back to Top