DSA-2025-071: Security update for Dell Avamar for Multiple Component Vulnerabilities.
Summary: Dell Avamar remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
|
Third-party Component |
CVEs |
More Information |
|
The FreeType Project |
CVE-2022-27404, CVE-2017-10672 |
See NVD link below for individual scores for each CVE. |
|
Dozer |
CVE-2014-9515 |
|
|
OpenSSH |
CVE-2023-38408 |
|
|
Curl |
CVE-2018-0500, CVE-2018-14618, CVE-2018-16839, CVE-2018-16842, CVE-2019-3822, CVE-2019-5481 |
See NVD link below for individual scores for each CVE. |
|
jackson-databind |
CVE-2019-14379, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-8840, CVE-2020-9547, CVE-2020-9548, CVE-2020-10672, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-14061, CVE-2020-14062, CVE-2020-14060, CVE-2020-14195, CVE-2020-25649 |
See NVD link below for individual scores for each CVE. |
|
POCO C++ Libraries |
CVE-2023-52389, CVE-2017-1000472 |
See NVD link below for individual scores for each CVE. |
|
mailx |
CVE-2014-7844 |
|
|
OpenSSL |
CVE-2011-4109 |
|
|
file |
CVE-2019-18218 |
|
|
TestNG |
CVE-2022-4065 |
|
|
Linux Kernel |
CVE-2017-1000112 |
|
|
Cyrus SASL |
CVE-2019-19906, CVE-2022-24407, CVE-2013-4122 |
See NVD link below for individual scores for each CVE. |
|
libffi |
CVE-2017-1000376 |
|
|
Gstreamer |
CVE-2021-3497, CVE-2021-3498, CVE-2022-1924, CVE-2022-1920, CVE-2022-1921, CVE-2022-1925, CVE-2022-2122, CVE-2021-3522, CVE-2006-4339, CVE-2022-1922, CVE-2022-1923 |
See NVD link below for individual scores for each CVE. |
|
e2fsprogs |
CVE-2019-5188 |
|
|
elfutils |
CVE-2018-18520 |
|
|
JBIG-KIT lossless image compression library 2 |
CVE-2013-6369 |
|
|
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server |
CVE-2021-34429 |
|
|
libpng |
CVE-2019-7317 |
|
|
LibYAML |
CVE-2014-9130 |
|
|
mutt |
CVE-2022-1328 |
|
|
OpenSC |
CVE-2018-16391 |
|
|
libgcrypt |
CVE-2018-0495 |
|
|
pypi/setuptools |
CVE-2022-40897 |
|
|
RPM |
CVE-2021-35939 |
|
|
util-linux |
CVE-2022-0563 |
|
|
Apache James MIME4J |
CVE-2022-45787 |
|
|
Network Time Protocol project (NTP) |
CVE-2023-26555 |
|
|
Readline |
CVE-2014-2524 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-21117 |
Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user. |
6.6 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-21117 |
Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user. |
6.6 |
Affected Products & Remediation
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|
Dell Avamar Data Store Gen5A, Gen4T |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/TCM61_Avamar-19.12-for-Server-and-AVE-Upgrades.avp |
|
Avamar Virtual Edition for VMware ESXi and vSphere |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/1GK63_Avamar-19.12-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z |
|
Avamar Virtual Edition for VMware vSphere only |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/KF9JJ_Avamar-19.12-Virtual-Edition-for-VMware-vSphere-only.ova |
|
Avamar Virtual Edition for Hyper-V 2012 |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/5X67J_Avamar-19.12-Virtual-Edition-for-Hyper-V-2012.7z |
|
Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
|
|
Avamar Virtual Edition for KVM/Open Stack KVM |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/0CJC4_Avamar-19.12-Virtual-Edition-for-KVM-OpenStack-KVM.7z |
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|
Dell Avamar Data Store Gen5A, Gen4T |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/TCM61_Avamar-19.12-for-Server-and-AVE-Upgrades.avp |
|
Avamar Virtual Edition for VMware ESXi and vSphere |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/1GK63_Avamar-19.12-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z |
|
Avamar Virtual Edition for VMware vSphere only |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/KF9JJ_Avamar-19.12-Virtual-Edition-for-VMware-vSphere-only.ova |
|
Avamar Virtual Edition for Hyper-V 2012 |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/5X67J_Avamar-19.12-Virtual-Edition-for-Hyper-V-2012.7z |
|
Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
|
|
Avamar Virtual Edition for KVM/Open Stack KVM |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/0CJC4_Avamar-19.12-Virtual-Edition-for-KVM-OpenStack-KVM.7z |
- The CVEs remedied by this security update are listed. The list not only have the new CVEs remedied by this update, but all the past CVEs included in this cumulative update. Due to dependencies on the above fixes, it cannot be backported.
- The OS Rollup 2024 R3 CVE is included in the 19.12 release. For further information on the OS Rollup 2024 R3 see. DSA-2024-433
- Dell recommends that you always upgrade to the latest release/version for your product.
- To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/product-support/product/avamar/drivers
- CVE-2014-9515 corresponding to Dozer Third Party Component is also remediated as a part of Version 19.10 SP1 corresponding to DSA-2024-280
Revision History
|
Revision |
Date |
Description |
|
1.0 |
2025-02-05 |
Initial Release |
Related Information
Legal Disclaimer
Affected Products
Avamar, Avamar Client, Avamar Client for VMware, Avamar Client for Windows, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Desktop/Laptop Option, Avamar Plug-in for Hyper-V VSS, Avamar Plug-in for NDMP, Avamar Server
, Avamar Virtual Edition
...
Article Properties
Article Number: 000281275
Article Type: Dell Security Advisory
Last Modified: 03 Mar 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.