DSA-2022-080: Dell EMC PowerProtect Data Manager Update for Multiple Security Vulnerabilities
Summary: Dell EMC PowerProtect Data Manager remediation is available for multiple security vulnerabilities that may potentially be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Third-party Component | CVEs | More Information |
| XStream1.4.17 | CVE-2021-39141 CVE-2021-39139 CVE-2021-39151 CVE-2021-39150 CVE-2021-39149 CVE-2021-39148 CVE-2021-39154 CVE-2021-39147 CVE-2021-39146 CVE-2021-39145 CVE-2021-39153 CVE-2021-39152 CVE-2021-39140 |
See NVD (http://nvd.nist.gov/) for individual scores for Each CVE |
| Apache Tomcat9.0.50 | CVE-2021-42340 | |
| Kubernetes Client API9.0.2 | CVE-2021-25738 | |
| Netty Project4.1.65.Final | CVE-2021-37137 CVE-2021-37136 |
|
| thymeleaf-spring53.0.12.RELEASE | CVE-2021-43466 | |
| json-smart2.4.2 | CVE-2021-31684 | |
| json-schema0.2.3 | CVE-2021-3918 | |
| Apache Log4j2.13.3 | CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 |
|
| H2 Database Engine 1.4.200 | CVE-2021-23463 | |
| Elasticsearch7.10.2 | CVE-2021-22145 CVE-2021-22144 CVE-2021-22147 CVE-2021-22135 CVE-2021-22134 |
|
| jwt-go v3.2.0 | CVE-2020-26160 | |
| Consul1.1.0 | CVE-2021-37219 CVE-2021-3121 CVE-2021-32574 CVE-2020-7219 CVE-2021-36213 CVE-2021-38698 CVE-2020-25864 CVE-2018-19653 |
|
| etcd 2.0.0 | CVE-2018-1098 CVE-2018-1099 |
|
| etcd 3.3.13 | CVE-2020-15114 CVE-2020-15115 CVE-2020-15136) |
|
| etcd 3.3.10 | CVE-2020-15114 CVE-2020-15115 CVE-2020-15136 |
|
| jwt-gov3.2.0 | CVE-2020-26160 | |
| miekg/dns 1.0.14 | CVE-2019-19794 | |
| velero 1.6.0 | CVE-2016-2781 CVE-2016-10228 CVE-2019-25013 CVE-2020-29562 CVE-2020-27618 CVE-2020-29562 CVE-2021-40528 CVE-2021-33560 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-3580 CVE-2021-3520 CVE-2021-20305 CVE-2021-3580 CVE-2017-11164 CVE-2019-20838 CVE-2020-14155 CVE-2021-3711 CVE-2021-33910 CVE-2020-13529 CVE-2018-1000654 CVE-2021-33910 CVE-2020-13529 CVE-2013-4235 CVE-2021-3711 CVE-2021-3712 CVE-2013-4235 CVE-2020-29652 CVE-2021-3121 CVE-2020-29652 CVE-2020-8565 |
|
| velero-plugin-for-vsphere:v1.2.1 | CVE-2019-18276 CVE-2016-2781 CVE-2020-29562 CVE-2021-40528 CVE-2021-33560 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-3580 CVE-2021-3520 CVE-2021-20305 CVE-2021-3580 CVE-2017-11164 CVE-2019-20838 CVE-2020-14155 CVE-2021-33910 CVE-2020-13529 CVE-2018-1000654 CVE-2021-33910 CVE-2020-13529 CVE-2021-24031 CVE-2021-24032 CVE-2013-4235 |
|
| vsphereveleroplugin/backup-driver 1.2.1 | CVE-2020-26160 CVE-2021-3121 CVE-2020-29652 CVE-2020-8565 |
OS Vulnerabilities:
| Packages | CVEs | More Information |
| glibc-i18ndata=2.22-114.19.1 glibc-locale=2.22-114.19.1 glibc=2.22-114.19.1 |
CVE-2021-33574 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 |
See NVD (http://nvd.nist.gov/) for individual scores for Each CVE |
| file-magic=5.22-10.21.1file=5.22-10.21.1libmagic1=5.22-10.21.1 | CVE-2019-18218 | |
| runc=1.0.3-16.18.1 | CVE-2021-43784 | |
| libpolkit0=0.113-5.27.1 polkit=0.113-5.27.1 |
CVE-2021-4115 | |
| libsnmp30=5.7.3-6.9.1 net-snmp=5.7.3-6.9.1perl-SNMP=5.7.3-6.9.1 snmp-mibs=5.7.3-6.9.1 |
CVE-2020-15862 | |
| libsqlite3-0=3.36.0-9.18.1 | CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 |
|
| cpio-lang=2.11-36.15.1 cpio=2.11-36.15.1 |
CVE-2021-38185 | |
| java-11-openjdk-headless=11.0.13.0-3.36.1 | CVE-2019-2818 CVE-2019-2821 CVE-2019-2977 CVE-2020-14562 CVE-2020-14573 CVE-2020-2655 CVE-2020-2767 CVE-2020-2778 CVE-2020-2816 CVE-2021-2161 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603 |
|
| libpq5=14.1-3.3.1 postgresql10-server=10.19-4.22.1 postgresql10=10.19-4.22.1 |
CVE-2021-23214CVE-2021-23222 | |
| tcpdump=4.9.2-14.20.1 | CVE-2018-16301 | |
| libgmp10=5.1.3-4.3.1 | CVE-2021-43618 | |
| libpcre1=8.45-8.7.1 | CVE-2017-6004 CVE-2017-7244 CVE-2017-7245 CVE-2019-20838 CVE-2020-14155 |
|
| kernel-default=4.12.14-122.110.1 | CVE-2020-28097 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-44733 CVE-2022-0330 CVE-2022-0435 CVE-2022-22942 |
|
| iproute2=4.12-16.6.1 | CVE-2019-20795 | |
| libesmtp=1.0.6-23.2.1 | CVE-2019-19977 | |
| git-core=2.26.2-27.49.3 | CVE-2021-40330 | |
| libp11-kit0=0.23.2-8.3.2p11 -kit-tools=0.23.2-8.3.2p11 -kit=0.23.2-8.3.2 |
CVE-2020-29361 | |
| libruby2_1-2_1=2.1.9-19.6.1 ruby2.1-stdlib=2.1.9-19.6.1 ruby2.1=2.1.9-19.6.1 |
CVE-2020-25613 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 |
|
| openssh-helpers=7.2p2-78.13.1 openssh=7.2p2-78.13.1 |
CVE-2021-41617 | |
| glib-networking-lang=2.48.2-6.3.1 glib-networking=2.48.2-6.3.1 |
CVE-2020-13645 | |
| docker=20.10.12_ce-98.75.1 | CVE-2021-41089 CVE-2021-41092 CVE-2021-41190 |
|
| gettext-runtime=0.19.2-3.3.6 | CVE-2018-18751 | |
| expat=2.1.0-21.15.1 libexpat1=2.1.0-21.15.1 |
CVE-2022-23852 | |
| libpython3_4m1_0=3.4.10-25.80.2 python3-base=3.4.10-25.80.2 python3=3.4.10-25.80.2 |
CVE-2021-3733 | |
| python36-pip=20.2.4-8.9.1 | CVE-2021-3572 | |
| libpython3_6m1_0=3.6.15-16.2 python36-base=3.6.15-16.2 python36=3.6.15-16.2 |
CVE-2021-3733 CVE-2021-3737 |
|
| libopenssl1_0_0=1.0.2p-3.45.1 libopenssl1_1=1.1.1d-2.54.1 openssl-1_0_0=1.0.2p-3.45.1 |
CVE-2021-3712 | |
| libblkid1=2.33.2-4.11.1 libfdisk1=2.33.2-4.11.1 libmount1=2.33.2-4.11.1 libsmartcols1=2.33.2-4.11.1 libuuid1=2.33.2-4.11.1 util-linux-lang=2.33.2-4.11.1 util-linux-systemd=2.33.2-4.11.1 util-linux=2.33.2-4.11.1 |
CVE-2021-37600 | |
| bind-utils=9.11.22-3.37.1 libbind9-161=9.11.22-3.37.1 libdns1110=9.11.22-3.37.1 libirs161=9.11.22-3.37.1 libisc1107=9.11.22-3.37.1 libisccc161=9.11.22-3.37.1 libisccfg163=9.11.22-3.37.1 liblwres161=9.11.22-3.37.1 python-bind=9.11.22-3.37.1 |
CVE-2021-25219 | |
| libasound2=1.0.27.2-15.1 | CVE-2009-0035 | |
| aide=0.16-20.15.1 | CVE-2021-45417 | |
| libfreebl3-hmac=3.68.2-58.60.1 libfreebl3=3.68.2-58.60.1 libsoftokn3-hmac=3.68.2-58.60.1 libsoftokn3=3.68.2-58.60.1 mozilla-nss-certs=3.68.2-58.60.1 mozilla-nss=3.68.2-58.60.1 |
CVE-2021-43527 | |
| libgraphite2-3=1.3.1-10.3.1 | CVE-2018-7999 | |
| curl=7.60.0-11.34.2libcurl4=7.60.0-11.34.2 | CVE-2021-22947 | |
| libpython2_7-1_0=2.7.18-28.77.1 python-base=2.7.18-28.77.1 python-xml=2.7.18-28.77.1 |
CVE-2019-20907 | |
| containerd=1.4.12-16.49.1 | CVE-2021-41103 CVE-2021-41190 |
|
| libncurses5=5.9-75.1 libncurses6=5.9-75.1 ncurses-utils=5.9-75.1 terminfo-base=5.9-75.1 terminfo=5.9-75.1 |
CVE-2021-39537 |
| Third-party Component | CVEs | More Information |
| XStream1.4.17 | CVE-2021-39141 CVE-2021-39139 CVE-2021-39151 CVE-2021-39150 CVE-2021-39149 CVE-2021-39148 CVE-2021-39154 CVE-2021-39147 CVE-2021-39146 CVE-2021-39145 CVE-2021-39153 CVE-2021-39152 CVE-2021-39140 |
See NVD (http://nvd.nist.gov/) for individual scores for Each CVE |
| Apache Tomcat9.0.50 | CVE-2021-42340 | |
| Kubernetes Client API9.0.2 | CVE-2021-25738 | |
| Netty Project4.1.65.Final | CVE-2021-37137 CVE-2021-37136 |
|
| thymeleaf-spring53.0.12.RELEASE | CVE-2021-43466 | |
| json-smart2.4.2 | CVE-2021-31684 | |
| json-schema0.2.3 | CVE-2021-3918 | |
| Apache Log4j2.13.3 | CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 |
|
| H2 Database Engine 1.4.200 | CVE-2021-23463 | |
| Elasticsearch7.10.2 | CVE-2021-22145 CVE-2021-22144 CVE-2021-22147 CVE-2021-22135 CVE-2021-22134 |
|
| jwt-go v3.2.0 | CVE-2020-26160 | |
| Consul1.1.0 | CVE-2021-37219 CVE-2021-3121 CVE-2021-32574 CVE-2020-7219 CVE-2021-36213 CVE-2021-38698 CVE-2020-25864 CVE-2018-19653 |
|
| etcd 2.0.0 | CVE-2018-1098 CVE-2018-1099 |
|
| etcd 3.3.13 | CVE-2020-15114 CVE-2020-15115 CVE-2020-15136) |
|
| etcd 3.3.10 | CVE-2020-15114 CVE-2020-15115 CVE-2020-15136 |
|
| jwt-gov3.2.0 | CVE-2020-26160 | |
| miekg/dns 1.0.14 | CVE-2019-19794 | |
| velero 1.6.0 | CVE-2016-2781 CVE-2016-10228 CVE-2019-25013 CVE-2020-29562 CVE-2020-27618 CVE-2020-29562 CVE-2021-40528 CVE-2021-33560 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-3580 CVE-2021-3520 CVE-2021-20305 CVE-2021-3580 CVE-2017-11164 CVE-2019-20838 CVE-2020-14155 CVE-2021-3711 CVE-2021-33910 CVE-2020-13529 CVE-2018-1000654 CVE-2021-33910 CVE-2020-13529 CVE-2013-4235 CVE-2021-3711 CVE-2021-3712 CVE-2013-4235 CVE-2020-29652 CVE-2021-3121 CVE-2020-29652 CVE-2020-8565 |
|
| velero-plugin-for-vsphere:v1.2.1 | CVE-2019-18276 CVE-2016-2781 CVE-2020-29562 CVE-2021-40528 CVE-2021-33560 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-3580 CVE-2021-3520 CVE-2021-20305 CVE-2021-3580 CVE-2017-11164 CVE-2019-20838 CVE-2020-14155 CVE-2021-33910 CVE-2020-13529 CVE-2018-1000654 CVE-2021-33910 CVE-2020-13529 CVE-2021-24031 CVE-2021-24032 CVE-2013-4235 |
|
| vsphereveleroplugin/backup-driver 1.2.1 | CVE-2020-26160 CVE-2021-3121 CVE-2020-29652 CVE-2020-8565 |
OS Vulnerabilities:
| Packages | CVEs | More Information |
| glibc-i18ndata=2.22-114.19.1 glibc-locale=2.22-114.19.1 glibc=2.22-114.19.1 |
CVE-2021-33574 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 |
See NVD (http://nvd.nist.gov/) for individual scores for Each CVE |
| file-magic=5.22-10.21.1file=5.22-10.21.1libmagic1=5.22-10.21.1 | CVE-2019-18218 | |
| runc=1.0.3-16.18.1 | CVE-2021-43784 | |
| libpolkit0=0.113-5.27.1 polkit=0.113-5.27.1 |
CVE-2021-4115 | |
| libsnmp30=5.7.3-6.9.1 net-snmp=5.7.3-6.9.1perl-SNMP=5.7.3-6.9.1 snmp-mibs=5.7.3-6.9.1 |
CVE-2020-15862 | |
| libsqlite3-0=3.36.0-9.18.1 | CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 |
|
| cpio-lang=2.11-36.15.1 cpio=2.11-36.15.1 |
CVE-2021-38185 | |
| java-11-openjdk-headless=11.0.13.0-3.36.1 | CVE-2019-2818 CVE-2019-2821 CVE-2019-2977 CVE-2020-14562 CVE-2020-14573 CVE-2020-2655 CVE-2020-2767 CVE-2020-2778 CVE-2020-2816 CVE-2021-2161 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603 |
|
| libpq5=14.1-3.3.1 postgresql10-server=10.19-4.22.1 postgresql10=10.19-4.22.1 |
CVE-2021-23214CVE-2021-23222 | |
| tcpdump=4.9.2-14.20.1 | CVE-2018-16301 | |
| libgmp10=5.1.3-4.3.1 | CVE-2021-43618 | |
| libpcre1=8.45-8.7.1 | CVE-2017-6004 CVE-2017-7244 CVE-2017-7245 CVE-2019-20838 CVE-2020-14155 |
|
| kernel-default=4.12.14-122.110.1 | CVE-2020-28097 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-44733 CVE-2022-0330 CVE-2022-0435 CVE-2022-22942 |
|
| iproute2=4.12-16.6.1 | CVE-2019-20795 | |
| libesmtp=1.0.6-23.2.1 | CVE-2019-19977 | |
| git-core=2.26.2-27.49.3 | CVE-2021-40330 | |
| libp11-kit0=0.23.2-8.3.2p11 -kit-tools=0.23.2-8.3.2p11 -kit=0.23.2-8.3.2 |
CVE-2020-29361 | |
| libruby2_1-2_1=2.1.9-19.6.1 ruby2.1-stdlib=2.1.9-19.6.1 ruby2.1=2.1.9-19.6.1 |
CVE-2020-25613 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 |
|
| openssh-helpers=7.2p2-78.13.1 openssh=7.2p2-78.13.1 |
CVE-2021-41617 | |
| glib-networking-lang=2.48.2-6.3.1 glib-networking=2.48.2-6.3.1 |
CVE-2020-13645 | |
| docker=20.10.12_ce-98.75.1 | CVE-2021-41089 CVE-2021-41092 CVE-2021-41190 |
|
| gettext-runtime=0.19.2-3.3.6 | CVE-2018-18751 | |
| expat=2.1.0-21.15.1 libexpat1=2.1.0-21.15.1 |
CVE-2022-23852 | |
| libpython3_4m1_0=3.4.10-25.80.2 python3-base=3.4.10-25.80.2 python3=3.4.10-25.80.2 |
CVE-2021-3733 | |
| python36-pip=20.2.4-8.9.1 | CVE-2021-3572 | |
| libpython3_6m1_0=3.6.15-16.2 python36-base=3.6.15-16.2 python36=3.6.15-16.2 |
CVE-2021-3733 CVE-2021-3737 |
|
| libopenssl1_0_0=1.0.2p-3.45.1 libopenssl1_1=1.1.1d-2.54.1 openssl-1_0_0=1.0.2p-3.45.1 |
CVE-2021-3712 | |
| libblkid1=2.33.2-4.11.1 libfdisk1=2.33.2-4.11.1 libmount1=2.33.2-4.11.1 libsmartcols1=2.33.2-4.11.1 libuuid1=2.33.2-4.11.1 util-linux-lang=2.33.2-4.11.1 util-linux-systemd=2.33.2-4.11.1 util-linux=2.33.2-4.11.1 |
CVE-2021-37600 | |
| bind-utils=9.11.22-3.37.1 libbind9-161=9.11.22-3.37.1 libdns1110=9.11.22-3.37.1 libirs161=9.11.22-3.37.1 libisc1107=9.11.22-3.37.1 libisccc161=9.11.22-3.37.1 libisccfg163=9.11.22-3.37.1 liblwres161=9.11.22-3.37.1 python-bind=9.11.22-3.37.1 |
CVE-2021-25219 | |
| libasound2=1.0.27.2-15.1 | CVE-2009-0035 | |
| aide=0.16-20.15.1 | CVE-2021-45417 | |
| libfreebl3-hmac=3.68.2-58.60.1 libfreebl3=3.68.2-58.60.1 libsoftokn3-hmac=3.68.2-58.60.1 libsoftokn3=3.68.2-58.60.1 mozilla-nss-certs=3.68.2-58.60.1 mozilla-nss=3.68.2-58.60.1 |
CVE-2021-43527 | |
| libgraphite2-3=1.3.1-10.3.1 | CVE-2018-7999 | |
| curl=7.60.0-11.34.2libcurl4=7.60.0-11.34.2 | CVE-2021-22947 | |
| libpython2_7-1_0=2.7.18-28.77.1 python-base=2.7.18-28.77.1 python-xml=2.7.18-28.77.1 |
CVE-2019-20907 | |
| containerd=1.4.12-16.49.1 | CVE-2021-41103 CVE-2021-41190 |
|
| libncurses5=5.9-75.1 libncurses6=5.9-75.1 ncurses-utils=5.9-75.1 terminfo-base=5.9-75.1 terminfo=5.9-75.1 |
CVE-2021-39537 |
Affected Products & Remediation
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell EMC PowerProtect Data Manager | 19.9 and earlier | 19.10 and later | PPDM 19.10 drivers and downloads |
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell EMC PowerProtect Data Manager | 19.9 and earlier | 19.10 and later | PPDM 19.10 drivers and downloads |
Workarounds & Mitigations
None.
Revision History
| Revision | Date | Description |
| 1.0 | 2022-03-29 | Initial Release |
| 2.0 | 2022-05-11 | OS CVEs added |
Related Information
Legal Disclaimer
Affected Products
PowerProtect Data Manager, Product Security InformationArticle Properties
Article Number: 000197865
Article Type: Dell Security Advisory
Last Modified: 11 May 2022
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.