Article Number: 000202650
DSA-2022-105: Dell Avamar Server and Avamar Virtual Edition Security Update for Apache Struts2 Vulnerability
Summary: Dell Avamar Server and Avamar Virtual Edition remediation is available for the Apache Struts2 Vulnerability that may be exploited by malicious users to compromise the affected system.
Article Content
Impact
Critical
Details
| Third-party Component | CVE | More information |
| Apache Struts2 | CVE-2020-17530 | https://nvd.nist.gov/vuln/detail/CVE-2020-17530 |
| Third-party Component | CVE | More information |
| Apache Struts2 | CVE-2020-17530 | https://nvd.nist.gov/vuln/detail/CVE-2020-17530 |
Affected Products and Remediation
| Product | Affected Versions | Updated Versions | Update Link |
| Avamar Server, Avamar Virtual Edition | 19.3 and 19.4 | 19.7 | Support for Avamar Server | Drivers & Downloads |
| PowerProtect DP Series Appliance and Integrated Data Protection Appliance | 2.7.x (Includes Protection Software Avamar version 19.4). | 2.7.2 or later with 19.4 MC Hotfix | Avamar 19.4 MC Cumulative Hotfix for Avamar Server and Avamar Virtual Edition November 2022 (Hotfix 337055) |
| 2.6.x (Includes Protection Software Avamar 19.3). | Apply Protection Software Avamar MC hotfix that is expected to be available for 19.3. | Links will be available once the hotfix is released. |
NOTE: The next Avamar 19.3 MC hotfix will include a fix for the Apache struts vulnerability issue.
For Integration Data Protection Appliance systems, update to Integration Data Protection Appliance 2.7.2 first before applying the MC Hotfix on Backup Server.
For Integration Data Protection Appliance systems, update to Integration Data Protection Appliance 2.7.2 first before applying the MC Hotfix on Backup Server.
| Product | Affected Versions | Updated Versions | Update Link |
| Avamar Server, Avamar Virtual Edition | 19.3 and 19.4 | 19.7 | Support for Avamar Server | Drivers & Downloads |
| PowerProtect DP Series Appliance and Integrated Data Protection Appliance | 2.7.x (Includes Protection Software Avamar version 19.4). | 2.7.2 or later with 19.4 MC Hotfix | Avamar 19.4 MC Cumulative Hotfix for Avamar Server and Avamar Virtual Edition November 2022 (Hotfix 337055) |
| 2.6.x (Includes Protection Software Avamar 19.3). | Apply Protection Software Avamar MC hotfix that is expected to be available for 19.3. | Links will be available once the hotfix is released. |
NOTE: The next Avamar 19.3 MC hotfix will include a fix for the Apache struts vulnerability issue.
For Integration Data Protection Appliance systems, update to Integration Data Protection Appliance 2.7.2 first before applying the MC Hotfix on Backup Server.
For Integration Data Protection Appliance systems, update to Integration Data Protection Appliance 2.7.2 first before applying the MC Hotfix on Backup Server.
Revision History
| Revision | Date | Description | |
| 1.0 | 2022-08-12 | Initial Release | |
| 2.0 | 2022-09-01 | Added prior releases note and added TBD for affected version. | |
| 3.0 | 2022-09-07 | Note about next MC ETA | |
| 4.0 | 2022-11-09 | Minor Change (Affected Version Column and Note) | |
| 5.0 | 2022-12-12 | Changes in Updated Links Column and Notes Section | |
| 6.0 | 2023-03-01 | Minor Changes in Summary and Title |
Related Information
Legal Information
Article Properties
Affected Product
PowerProtect Data Protection Appliance, Avamar Server, Avamar Virtual Edition, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software
, PowerProtect Software, Product Security Information
...
Last Published Date
10 Mar 2023
Version
8
Article Type
Dell Security Advisory