DSA-2019-201: Dell Avamar and NetWorker Security Update for Multiple Third Component Vulnerabilities
Summary: Multiple components within Dell Avamar and NetWorker require a security update to address various vulnerabilities.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
Summary:
Multiple components within Dell Avamar and NetWorker require a security update to address various vulnerabilities.
Note:
The CVEs addressed by this security update are listed in the Release Notes. The Release Notes list not only the new CVEs addressed by this update, but all the past CVEs in this cumulative update
For Dell Avamar Servers running SUSE Linux Enterprise 11 SP1 or SP3, that the OS versions are end of life, the security update only addresses CVEs which SUSE addresses and updates some third party packages, such as JRE and Tomcat. It is recommended to upgrade Avamar servers to SUSE Linux Enterprise 11 SP4 prior to applying the OS Security Update.
This security patch is security updates for various third-party software components installed on the Avamar and NetWorker nodes. The patch addresses multiple security vulnerabilities in those components. The patch applies to all Avamar and NetWorker Products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, NetWorker Virtual Edition systems, Avamar Combined Proxy, Avamar Plug-in for vCloud Director.
This security patch also updates Java JRE to version 8u231 for Avamar Server 7.3 and later, Avamar Proxy 7.5.0 and later, NetWorker Virtual Edition 9.0 and later, Dell vCloud Director Data Protection Extension versions 2.0.4 (Deprecated since 2019 R4) and later, Dell Avamar NDMP Accelerator 7.3 and later.
This security patch also updates Tomcat to version 8.5.46 for Avamar Server 7.3 and later.
See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
This security patch also updates Java JRE to version 8u231 for Avamar Server 7.3 and later, Avamar Proxy 7.5.0 and later, NetWorker Virtual Edition 9.0 and later, Dell vCloud Director Data Protection Extension versions 2.0.4 (Deprecated since 2019 R4) and later, Dell Avamar NDMP Accelerator 7.3 and later.
This security patch also updates Tomcat to version 8.5.46 for Avamar Server 7.3 and later.
See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
This security patch is security updates for various third-party software components installed on the Avamar and NetWorker nodes. The patch addresses multiple security vulnerabilities in those components. The patch applies to all Avamar and NetWorker Products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, NetWorker Virtual Edition systems, Avamar Combined Proxy, Avamar Plug-in for vCloud Director.
This security patch also updates Java JRE to version 8u231 for Avamar Server 7.3 and later, Avamar Proxy 7.5.0 and later, NetWorker Virtual Edition 9.0 and later, Dell vCloud Director Data Protection Extension versions 2.0.4 (Deprecated since 2019 R4) and later, Dell Avamar NDMP Accelerator 7.3 and later.
This security patch also updates Tomcat to version 8.5.46 for Avamar Server 7.3 and later.
See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
This security patch also updates Java JRE to version 8u231 for Avamar Server 7.3 and later, Avamar Proxy 7.5.0 and later, NetWorker Virtual Edition 9.0 and later, Dell vCloud Director Data Protection Extension versions 2.0.4 (Deprecated since 2019 R4) and later, Dell Avamar NDMP Accelerator 7.3 and later.
This security patch also updates Tomcat to version 8.5.46 for Avamar Server 7.3 and later.
See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Affected Products & Remediation
Affected products:
-
Dell Avamar Server hardware appliance Gen4S with versions 7.3 and later running SUSE Linux Enterprise 11 SP1
-
Dell Avamar Server hardware appliance Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP3
-
Dell Avamar Server hardware appliance Gen4S or Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP4
-
Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP3
-
Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments since 7.5.1)
-
Dell Avamar Virtual Edition versions 19.2 and later running SUSE Linux Enterprise 12 SP4 (including Azure and AWS deployments)
-
Dell Avamar NDMP Accelerator 7.3 and later running SUSE Linux Enterprise 11 SP1, SP3, and SUSE Linux Enterprise 12 SP4
-
Dell Avamar VMware Image Proxy versions 7.3 and later running SUSE Linux Enterprise 11 SP1 or SUSE Linux Enterprise 11 SP3
-
Dell Avamar VMware Image Proxy versions 7.5.1 and later running SUSE Linux Enterprise 12 SP1
-
Dell NetWorker Virtual Edition (NVE) versions 9.0.x, 9.1.x, 9.2.x, and 18.x and later running SUSE Linux Enterprise 11 SP3 or SP4
-
Dell vCloud Director Data Protection Extension versions 2.0.3 and later running SUSE Linux Enterprise 11 SP3
-
Dell Integrated Data Protection Appliance (IDPA) 2.0, 2.1, 2.2, 2.3, and 2.4
Resolution:
Apply the platform security patch to Avamar software version 7.3 and later and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:
Avamar SW:
SLES11 SP3 or SP4 NVE:
The Security Update for Avamar Virtual Edition and NetWorker Virtual Edition is customer installable. See Link to Remedies below for download and installation instructions.
Installation for all other Avamar affected products should be performed by qualified Avamar Support Engineers.
The installation process requires shutting down the server software, rebooting all the nodes, and restarting the server software, and so appropriate time must be scheduled and allocated to perform this full process.
Dell strongly recommends that all customers upgrade at the earliest opportunity.
To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/.
See the following Dell articles for Security Update (Rollup) Installation instructions:
-
169784: Avamar Virtual Edition, NetWorker Virtual Appliance: How to Install the Avamar Platform Security Rollup for Avamar Virtual Edition. (Only registered Dell Customers can access the content on the article link using Dell.com/support)
-
52627: NetWorker Virtual Edition (NVE): How to Install the Platform Security Rollup for NetWorker Virtual Edition.
Read more in the Release Notes:
Affected products:
-
Dell Avamar Server hardware appliance Gen4S with versions 7.3 and later running SUSE Linux Enterprise 11 SP1
-
Dell Avamar Server hardware appliance Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP3
-
Dell Avamar Server hardware appliance Gen4S or Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP4
-
Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP3
-
Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments since 7.5.1)
-
Dell Avamar Virtual Edition versions 19.2 and later running SUSE Linux Enterprise 12 SP4 (including Azure and AWS deployments)
-
Dell Avamar NDMP Accelerator 7.3 and later running SUSE Linux Enterprise 11 SP1, SP3, and SUSE Linux Enterprise 12 SP4
-
Dell Avamar VMware Image Proxy versions 7.3 and later running SUSE Linux Enterprise 11 SP1 or SUSE Linux Enterprise 11 SP3
-
Dell Avamar VMware Image Proxy versions 7.5.1 and later running SUSE Linux Enterprise 12 SP1
-
Dell NetWorker Virtual Edition (NVE) versions 9.0.x, 9.1.x, 9.2.x, and 18.x and later running SUSE Linux Enterprise 11 SP3 or SP4
-
Dell vCloud Director Data Protection Extension versions 2.0.3 and later running SUSE Linux Enterprise 11 SP3
-
Dell Integrated Data Protection Appliance (IDPA) 2.0, 2.1, 2.2, 2.3, and 2.4
Resolution:
Apply the platform security patch to Avamar software version 7.3 and later and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:
Avamar SW:
SLES11 SP3 or SP4 NVE:
The Security Update for Avamar Virtual Edition and NetWorker Virtual Edition is customer installable. See Link to Remedies below for download and installation instructions.
Installation for all other Avamar affected products should be performed by qualified Avamar Support Engineers.
The installation process requires shutting down the server software, rebooting all the nodes, and restarting the server software, and so appropriate time must be scheduled and allocated to perform this full process.
Dell strongly recommends that all customers upgrade at the earliest opportunity.
To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/.
See the following Dell articles for Security Update (Rollup) Installation instructions:
-
169784: Avamar Virtual Edition, NetWorker Virtual Appliance: How to Install the Avamar Platform Security Rollup for Avamar Virtual Edition. (Only registered Dell Customers can access the content on the article link using Dell.com/support)
-
52627: NetWorker Virtual Edition (NVE): How to Install the Platform Security Rollup for NetWorker Virtual Edition.
Read more in the Release Notes:
Workarounds & Mitigations
None
Revision History
|
Revision |
Date |
Description |
|
1.0 |
2019-12-18 |
Initial Release |
| 1.1 | 2021-11-03 | Updated Product Tagging |
Related Information
Legal Disclaimer
Affected Products
Avamar, Avamar Client, Avamar Client for VMware, Avamar Client for Windows, Avamar Data Migration Enabler, Avamar Data Store, Avamar Data Transport, Avamar Desktop/Laptop Option, Avamar Extended Retention, Avamar Media Access Node, Avamar Plug-in
, Avamar REST API, Avamar Server, Avamar Virtual Edition, Backup & Recovery Manager Avamar, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Multiple Systems Management, NetWorker, OpenStack Data Protection Extension, Product Security Information, vRealize Data Protection Extension for Avamar
...
Article Properties
Article Number: 000153697
Article Type: Dell Security Advisory
Last Modified: 19 Sept 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.