DSA-2026-031: Security Update for Dell Data Protection Advisor Multiple Third-Party Component Vulnerabilities

Summary: Dell Data Protection Advisor remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Affected Products & Remediation

Affected Products

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Third-party Component	CVEs	More Information
Apache Ant	CVE-2020-11979, CVE-2020-1945, CVE-2021-36373	https://nvd.nist.gov/vuln/search
Apache Batik	CVE-2017-5662, CVE-2019-17566, CVE-2020-11987, CVE-2018-8013	https://nvd.nist.gov/vuln/search
Apache Commons BeanUtils	CVE-2014-0114, CVE-2019-10086	https://nvd.nist.gov/vuln/search
Apache Commons Compress	CVE-2018-11771, CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090	https://nvd.nist.gov/vuln/search
Apache CXF	CVE-2015-5253, CVE-2016-6812, CVE-2016-8739, CVE-2017-3156, CVE-2018-8039, CVE-2019-12406, CVE-2019-12419, CVE-2019-12423, CVE-2019-17573, CVE-2020-13954, CVE-2020-1954	https://nvd.nist.gov/vuln/search
Apache HttpClient	CVE-2012-6153, CVE-2013-4366	https://nvd.nist.gov/vuln/search
Apache jUDDI	CVE-2015-5241	https://nvd.nist.gov/vuln/search
Apache POI	CVE-2012-0213, CVE-2014-3529, CVE-2014-3574, CVE-2014-9527, CVE-2016-5000, CVE-2017-12626, CVE-2017-5644, CVE-2019-12415, CVE-2022-26336	https://nvd.nist.gov/vuln/search
Apache WSS4J	CVE-2014-3623	https://nvd.nist.gov/vuln/search
Apache Xerces2	CVE-2012-0881, CVE-2009-2625, CVE-2013-4002	https://nvd.nist.gov/vuln/search
Apache XML Graphics Batik	CVE-2022-41704, CVE-2022-42890, CVE-2022-44729, CVE-2022-44730	https://nvd.nist.gov/vuln/search
BeanShell	CVE-2016-2510	https://nvd.nist.gov/vuln/search
Codehaus Plexus	CVE-2022-4244, CVE-2022-4245	https://nvd.nist.gov/vuln/search
curl	CVE-2016-4802, CVE-2016-5419, CVE-2016-5420, CVE-2017-9502, CVE-2017-1000101, CVE-2017-1000100, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2016-9586, CVE-2016-9594, CVE-2018-1000301, CVE-2017-2629, CVE-2016-8624, CVE-2016-8617, CVE-2016-8621, CVE-2016-8615, CVE-2016-8616, CVE-2016-8619, CVE-2016-8620, CVE-2016-8623, CVE-2016-8625, CVE-2018-14618, CVE-2018-16839, CVE-2018-16842, CVE-2019-5443, CVE-2019-5482, CVE-2016-4606, CVE-2020-8177, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22898, CVE-2021-22922, CVE-2021-22923, CVE-2021-22925, CVE-2021-22926, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27776, CVE-2022-27781, CVE-2022-27782, CVE-2022-32206, CVE-2022-32208, CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-46218	https://nvd.nist.gov/vuln/search
decode-uri-component	CVE-2022-38900	https://nvd.nist.gov/vuln/search
Dom4j	CVE-2018-1000632	https://nvd.nist.gov/vuln/search
Eclipse Mojarra	CVE-2018-14371, CVE-2019-17091, CVE-2020-6950	https://nvd.nist.gov/vuln/search
Elastic Kibana	CVE-2022-38778	https://nvd.nist.gov/vuln/search
Engine.IO	CVE-2023-31125, CVE-2022-41940	https://nvd.nist.gov/vuln/search
FasterXML jackson-databind	CVE-2023-35116, CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-11307, CVE-2018-12022, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2019-5427, CVE-2020-10650, CVE-2020-10673, CVE-2020-10969, CVE-2020-24616, CVE-2020-24750, CVE-2020-35490, CVE-2020-35491, CVE-2020-35728, CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, CVE-2020-36182, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36189, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2021-20190, CVE-2021-23926, CVE-2019-12086	https://nvd.nist.gov/vuln/search
follow-redirects	CVE-2023-26159	https://nvd.nist.gov/vuln/search
Google Guava	CVE-2018-10237	https://nvd.nist.gov/vuln/search
Hibernate Validator	CVE-2014-3558, CVE-2019-10219	https://nvd.nist.gov/vuln/search
HornetQ	CVE-2024-51127	https://nvd.nist.gov/vuln/search
hutool-json	CVE-2022-45688	https://nvd.nist.gov/vuln/search
Infinispan	CVE-2016-0750, CVE-2017-15089, CVE-2017-2638, CVE-2019-10158, CVE-2019-10174, CVE-2020-25711	https://nvd.nist.gov/vuln/search
JBoss EAP7 - Wildfly's EJB Client	CVE-2020-14297, CVE-2021-20250	https://nvd.nist.gov/vuln/search
JBoss Weld	CVE-2014-8122	https://nvd.nist.gov/vuln/search
jBPM	CVE-2014-8125	https://nvd.nist.gov/vuln/search
JDOM	CVE-2021-33813	https://nvd.nist.gov/vuln/search
Jgroups	CVE-2016-2141	https://nvd.nist.gov/vuln/search
Json-smart	CVE-2023-1370, CVE-2021-27568	https://nvd.nist.gov/vuln/search
JUnit4	CVE-2020-15250	https://nvd.nist.gov/vuln/search
libcurl	CVE-2024-7264, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007, CVE-2016-9952, CVE-2016-9953, CVE-2016-8618, CVE-2016-8622, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5436, CVE-2020-8231, CVE-2021-22924, CVE-2022-32221, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-38546	https://nvd.nist.gov/vuln/search
Netty	CVE-2014-3488, CVE-2015-2156	https://nvd.nist.gov/vuln/search
node-sass	CVE-2020-24025	https://nvd.nist.gov/vuln/search
Node.js	CVE-2022-33987, CVE-2023-45133	https://nvd.nist.gov/vuln/search
OpenSSL	CVE-2010-4252, CVE-2011-1945, CVE-2012-0027, CVE-2011-1473, CVE-2013-0166, CVE-2013-0169, CVE-2014-0076, CVE-2010-5298, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3195, CVE-2016-0703, CVE-2016-0704, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2017-3735, CVE-2021-4044, CVE-2016-2105, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-2176, CVE-2016-7056, CVE-2017-3737, CVE-2019-1559, CVE-2020-1968, CVE-2021-23840, CVE-2021-23841, CVE-2021-23839, CVE-2021-3712, CVE-2022-0778, CVE-2016-8610	https://nvd.nist.gov/vuln/search
Oracle JDK 8u461	CVE-2025-53066, CVE-2025-31257, CVE-2025-53057, CVE-2025-61748, CVE-2025-61755	https://www.oracle.com/security-alerts/cpuoct2025.html
PicketLink	CVE-2015-3158	https://nvd.nist.gov/vuln/search
plexus-archiver	CVE-2018-1002200	https://nvd.nist.gov/vuln/search
Plexus-utils	CVE-2017-1000487, CVE-2023-37460	https://nvd.nist.gov/vuln/search
PostCSS	CVE-2023-44270	https://nvd.nist.gov/vuln/search
proto	CVE-2021-22570, CVE-2023-26136, CVE-2020-28499	https://nvd.nist.gov/vuln/search
protobuf-java	CVE-2022-3509, CVE-2022-3510	https://nvd.nist.gov/vuln/search
QOS.ch Logback	CVE-2017-5929, CVE-2021-42550	https://nvd.nist.gov/vuln/search
RESTEasy	CVE-2014-3490, CVE-2014-7839, CVE-2016-6345, CVE-2016-6346, CVE-2016-6347, CVE-2016-6348	https://nvd.nist.gov/vuln/search
scss-tokenizer	CVE-2022-25758	https://nvd.nist.gov/vuln/search
Semver	CVE-2022-25883	https://nvd.nist.gov/vuln/search
Spring Framework	CVE-2016-9878, CVE-2018-1275, CVE-2023-20860, CVE-2024-22243	https://nvd.nist.gov/vuln/search
SQLite	CVE-2021-29425, CVE-2019-16168, CVE-2019-19645, CVE-2020-13434, CVE-2020-13435, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2019-19646, CVE-2020-11656, CVE-2020-11655, CVE-2020-13630, CVE-2022-35737, CVE-2023-7104, CVE-2023-32697	https://nvd.nist.gov/vuln/search
swagger-codegen	CVE-2021-21363, CVE-2021-21364	https://nvd.nist.gov/vuln/search
Swagger-Parser's	CVE-2017-1000207, CVE-2017-1000208, CVE-2022-25927	https://nvd.nist.gov/vuln/search
TLS Protocol	CVE-2015-4000	https://nvd.nist.gov/vuln/search
xml2js	CVE-2023-0842	https://nvd.nist.gov/vuln/search
XNIO	CVE-2022-0084	https://nvd.nist.gov/vuln/search
Xstream	CVE-2013-7285, CVE-2016-3674, CVE-2017-7957, CVE-2019-10173, CVE-2020-26217, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351, CVE-2021-29505, CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, CVE-2021-39154, CVE-2021-43859, CVE-2022-40151, CVE-2022-41966	https://nvd.nist.gov/vuln/search
zlib	CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2018-25032, CVE-2022-37434, CVE-2023-45853	https://nvd.nist.gov/vuln/search

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product	Affected Versions	Remediated Versions	Link
Data Protection Advisor	Versions 19.10 through 19.12 SP1	Version 19.12 SP2	Data Protection Advisor Downloads Area

Product	Affected Versions	Remediated Versions	Link
Data Protection Advisor	Versions 19.10 through 19.12 SP1	Version 19.12 SP2	Data Protection Advisor Downloads Area

Notes:

Dell recommends that you always upgrade to the latest release/version for your product.
To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support.

Workarounds & Mitigations

None

Revision History

Revision	Date	Description
1.0	2026-01-19	Initial Release
2.0	2026-01-20	Added the Notes section

Related Information

Legal Disclaimer

Affected Products

Data Protection Advisor, Data Protection Suite Series

Article Number: 000417034

Article Type: Dell Security Advisory

Last Modified: 20 Jan 2026

Check if your device is covered by Support Services.

DSA-2026-031: Security Update for Dell Data Protection Advisor Multiple Third-Party Component Vulnerabilities

Summary: Dell Data Protection Advisor remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Info

Legal Disclaimer

Affected Products

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services

DSA-2026-031: Security Update for Dell Data Protection Advisor Multiple Third-Party Component Vulnerabilities

Summary: Dell Data Protection Advisor remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Detailed Article

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services