DSA-2023-127: Dell PowerProtect Data Manager Security Update for Multiple Security Vulnerabilities
Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
Operating System Components CVE Details:
PPDM Core
PPDM-UI
PPDM Cloud Disaster Recovery
PPDM Kubernetes cProxy
PPDM Native Reporting
Cloud Snapshot Manager
PPDM AppAgents
| Third Party Component | CVEs | More Information |
| libpython3_6m1_0=3.6.15-32.2 python36-base=3.6.15-32.2 python36=3.6.15-32.2 |
CVE-2022-37454 | See NVD ( http://nvd.nist.gov/)  for individual scores for Each CVE |
| bind-utils=9.11.22-3.43.1 libbind9-161=9.11.22-3.43.1 libdns1110=9.11.22-3.43.1 libirs161=9.11.22-3.43.1 libisc1107=9.11.22-3.43.1 libisccc161=9.11.22-3.43.1 libisccfg163=9.11.22-3.43.1 liblwres161=9.11.22-3.43.1 python-bind=9.11.22-3.43.1 |
CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 |
|
| tar-lang=1.27.1-15.18.1 tar=1.27.1-15.18.1 |
CVE-2022-48303 | |
| samba-client-libs=4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-python3=4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs=4.15.13+git.534.0d9f8ece26-3.77.1 |
CVE-2021-20251 CVE-2022-38023 |
|
| libtirpc-netconfig=1.0.1-17.24.1 libtirpc3=1.0.1-17.24.1 |
CVE-2021-46828 | |
| dbus-1-x11=1.8.22-41.1 dbus-1=1.8.22-41.1 libdbus-1-3=1.8.22-41.1 |
CVE-2022-42010 | |
| libopenssl1_0_0=1.0.2p-3.64.1 libopenssl1_1=1.1.1d-2.75.1 openssl-1_0_0=1.0.2p-3.64.1 |
CVE-2023-0286 | |
| libsqlite3-0=3.39.3-9.26.1 sqlite3-tcl=3.39.3-9.26.1 |
CVE-2022-46908 | |
| libmspack0=0.4-15.13.1 | CVE-2018-18586 | |
| glibc-i18ndata=2.22-114.22.1 glibc-locale=2.22-114.22.1 glibc=2.22-114.22.1 |
CVE-2015-8985 | |
| emacs-info=24.3-25.9.1 emacs-nox=24.3-25.9.1 emacs=24.3-25.9.1 etags=24.3-25.9.1 |
CVE-2022-45939 | |
| git-core=2.26.2-27.66.1 | CVE-2023-22490 | |
| grub2-i386-pc=2.02-156.1 grub2-snapper-plugin=2.02-156.1 grub2-systemd-sleep-plugin=2.02-156.1 grub2=2.02-156.1 |
CVE-2022-2601 CVE-2022-3775 |
|
| expat=2.1.0-21.28.1 libexpat1=2.1.0-21.28.1 |
CVE-2022-43680 | |
| libxml2-2=2.9.4-46.59.2 libxml2-tools=2.9.4-46.59.2 |
CVE-2022-40303 | |
| python3-setuptools=40.6.2-4.21.1 python36-setuptools=44.1.1-8.6.1 |
CVE-2022-40897 | |
| libpython3_4m1_0=3.4.10-25.105.1 python3-base=3.4.10-25.105.1 |
CVE-2022-40899 | |
| w3m=0.5.3.git20161120-161.6.1 | CVE-2022-38223 | |
| containerd=1.6.12-16.68.1 | CVE-2022-23471 CVE-2022-27191 |
|
| libX11-6=1.6.2-12.24.1 libX11-data=1.6.2-12.24.1 |
CVE-2022-3554 CVE-2022-3555 |
|
| libsnmp30=5.7.3-11.6.1 net-snmp=5.7.3-11.6.1 perl-SNMP=5.7.3-11.6.1 snmp-mibs=5.7.3-11.6.1 |
CVE-2022-44793 | |
| vim-data-common=9.0.1234-17.12.1 vim-data=9.0.1234-17.12.1 vim=9.0.1234-17.12.1 |
CVE-2021-3928 CVE-2022-3234 CVE-2022-3235 CVE-2022-3324 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 |
|
| rpm=4.11.2-16.26.1 | CVE-2021-20271 CVE-2021-3421 |
|
| java-11-openjdk-headless=11.0.18.0-3.52.1 | CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843 |
|
| libfreebl3-hmac=3.79.4-58.94.1 libfreebl3=3.79.4-58.94.1 libsoftokn3-hmac=3.79.4-58.94.1 libsoftokn3=3.79.4-58.94.1 mozilla-nss-certs=3.79.4-58.94.1 mozilla-nss=3.79.4-58.94.1 |
CVE-2022-23491 CVE-2022-3479 CVE-2023-0767 |
|
| krb5=1.12.5-40.46.1 | CVE-2022-42898 | |
| sudo=1.8.27-4.33.1 | CVE-2023-22809 | |
| libpython2_7-1_0=2.7.18-33.17.1 python-base=2.7.18-33.17.1 python-xml=2.7.18-33.17.1 python3=3.4.10-25.105.1 |
CVE-2022-45061 | |
| libksba8=1.3.0-24.6.1 | CVE-2022-47629 | |
| curl=7.60.0-11.55.1 libcurl4=7.60.0-11.55.1 |
CVE-2023-23916 | |
| libsystemd0=228-157.49.1 libudev1=228-157.49.1 systemd-bash-completion=228-157.49.1 systemd-sysvinit=228-157.49.1 systemd=228-157.49.1 udev=228-157.49.1 |
CVE-2022-4415 | |
| ucode-intel=20230214-3.49.1 | CVE-2022-21216 CVE-2022-33196 CVE-2022-38090 |
|
| libtasn1-6=4.9-3.13.1 libtasn1=4.9-3.13.1 |
CVE-2021-46848 | |
| python3-py=1.8.1-11.15.2 | CVE-2020-29651 CVE-2022-42969 |
|
| kernel-default=4.12.14-122.147.1 | CVE-2023-23454 | |
| libdb-4_8=4.8.30-33.1 | CVE-2019-2708 | |
| dhcp-client=4.3.3-10.28.1 dhcp=4.3.3-10.28.1 |
CVE-2022-2928 CVE-2022-2929 |
|
| kpartx=0.7.9+232+suse.cbc3754-3.14.1 | CVE-2022-41973 | |
| libpq5=15.2-3.6.1 postgresql14-server=14.7-3.20.1 postgresql14=14.7-3.20.1 |
CVE-2022-41862 |
PPDM Core
| Third Party Component | CVEs | More Information |
| jettison-1.1/jettison-1.4 Jettison - Json Stax implementation1.1 |
CVE-2022-40149 CVE-2022-40150 |
See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| XStream1.4.19 | CVE-2022-40151 CVE-2022-40152 CVE-2022-41966 |
|
| snakeyaml-1.30 | CVE-2022-25857 | |
| jackson-databind2.13.4 | CVE-2022-42003 | |
| Apache Commons JXPath1.3 | CVE-2022-41852 CVE-2022-40159 CVE-2022-40157 CVE-2022-40160 CVE-2022-40161 CVE-2022-40158 |
|
| Apache Commons Text1.9 | CVE-2022-42889 | |
| Spring Security5.7.4 | CVE-2022-31692 CVE-2022-31690 |
|
| PostgreSQL JDBC Driver (pgjdbc)42.4.2 | CVE-2022-41946 | |
| zip4j 2.10.0/zip4j 2.11.2 | CVE-2023-22899 |
PPDM-UI
| Third-Party Component | CVEs | More Information |
| engine io 6.2.0 | CVE-2022-41940 | See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| glob-parent 5.1.2 | CVE-2020-28469 | |
| jszip 3.7.1 | CVE-2022-48285 | |
| minimatch 3.0.4 | CVE-2022-3517 | |
| qs 6.5.2 | CVE-2022-24999 | |
| sindresorhus/got 9.6.0 | CVE-2021-33502 | |
| socket io-parser 4.0.4 | CVE-2022-2421 | |
| terser 5.11.0 | CVE-2022-25858 |
PPDM Cloud Disaster Recovery
| Third Party Component | CVEs | More Information |
| Spring Security 5.5.7 | CVE-2022-31690 | See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| jackson-databind 2.13.4 | CVE-2022-42003 | |
| spring_framework_version 5.3.23 | CVE-2016-1000027 | |
| snake_yaml_version 1.31 | CVE-2022-41854 CVE-2022-38752 |
|
| jettison_version 1.5.1 | CVE-2022-45693 CVE-2022-45685 |
|
| hsql 2.6.1 | CVE-2022-41853 |
PPDM Kubernetes cProxy
| Third Party Component | CVEs | More Information |
| curl <v7.88.0 | CVE-2023-23916 | See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| GNU Tar 1.27.1-15.15.1 | CVE-2022-48303 |
PPDM Native Reporting
| Third Party Component | CVEs | More Information |
| Apache POI 2.5.1/Apache POI 3.10-beta2 | CVE-2017-12626 CVE-2019-12415 CVE-2016-5000 CVE-2022-26336 CVE-2017-5644 CVE-2012-0213 CVE-2014-9527 CVE-2014-3574 CVE-2014-3529 |
See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| BeanShell 2.0b4 | CVE-2016-2510 | |
| Jsoup 1.7.3 | CVE-2021-37714 CVE-2022-36033 CVE-2015-6748 |
|
| libplexus-utils 2.0.5/ libplexus-utils 1.5.15 | CVE-2017-1000487 | |
| Maven Shared Utils 0.1 Maven Shared Utils 0.4 Maven Shared Utils 0.7 |
CVE-2022-29599 | |
| XMLBeans 2.3.0 | CVE-2021-23926 |
Cloud Snapshot Manager
| Third Party Component | CVEs | More Information |
| cryptiles 3.1.2 | CVE-2018-1000620 | See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| deep-extend 0.4.2 | CVE-2018-3750 | |
| extend 3.0.1 | CVE-2018-16492 CVE-2018-16492 |
|
| Handlebars.js 4.0.11 | CVE-2021-23369 CVE-2021-23383 CVE-2019-19919 |
|
| json-schema 0.2.3 | CVE-2021-3918 | |
| knex 0.14.6 | CVE-2019-10757 CVE-2019-10757 |
|
| Lodash 4.17.10 | CVE-2019-10744 CVE-2021-23337 |
|
| minimist 1.2.0 | CVE-2021-44906 | |
| mixin-deep 1.3.1 | CVE-2019-10746 | |
| set-value 0.4.3 | CVE-2021-23440 CVE-2019-10747 |
|
| y18n 4.0.0 | CVE-2020-7774 | |
| yeikos/js.merge 1.2.0 | CVE-2020-28499 | |
| ansi-regex 4.1.0 | CVE-2021-3807 | |
| Async 2.6.0 | CVE-2021-43138 | |
| axios 0.18.1 | CVE-2021-3749 | |
| dicer 0.2.5 | CVE-2022-24434 | |
| dot-prop 4.2.0 | CVE-2020-8116 | |
| doTJS v1.1.2 | CVE-2020-8141 | |
| glob-parent 2.0.0 | CVE-2020-28469 | |
| hueniverse/hawk 6.0.2 | CVE-2022-29167 | |
| ini 1.3.5 | CVE-2020-7788 | |
| kind-of 6.0.2 | CVE-2019-20149 | |
| knowledgecode/date-and-time 0.11.1 | CVE-2020-26289 | |
| moment/moment 2.24.0 | CVE-2022-24785 CVE-2022-31129 |
|
| node-forge 0.8.4 | CVE-2022-24771 CVE-2022-24772 CVE-2020-7720 |
|
| Nodemailerv 6.4.18 | CVE-2021-23400 | |
| path-parse 1.0.5 | CVE-2021-23343 | |
| pathval 1.1.0 | CVE-2020-7751 | |
| redis 2.8.0 | CVE-2021-29469 | |
| simple-getv 3.1.0 | CVE-2022-0355 | |
| tar v4.4.10 | CVE-2021-32803 CVE-2021-32804 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 |
|
| tmpl 1.0.4 | CVE-2021-3777 | |
| Underscore.js 1.9.1 | CVE-2021-23358 | |
| validator.js 9.4.1 | CVE-2021-3765 | |
| ajv 5.5.2 | CVE-2020-15366 | |
| bl 4.0.2 | CVE-2020-8244 | |
| debug-js/debug 2.2.0 | CVE-2017-16137 | |
| follow-redirects 1.7.0 | CVE-2022-0155 CVE-2022-0536 |
|
| hosted-git-info 2.7.1 | CVE-2021-23362 | |
| jszip 3.2.2 | CVE-2021-21366 CVE-2021-32796 |
|
| micromatch/braces 1.8.5 | CVE-2018-1109 | |
| mikaelbr/node-notifier 5.2.1 | CVE-2020-7789 | |
| node-fetch 2.6.0 | CVE-2020-15168 CVE-2022-0235 |
|
| Passport.js 0.3.2 | CVE-2022-25896 | |
| randomatic 1.1.7 | CVE-2017-16028 | |
| stringstream 0.0.5 | CVE-2018-21270 | |
| undefsafe 2.0.2 | CVE-2019-10795 | |
| xmldom 0.1.27 | CVE-2021-21366 CVE-2021-32796 |
|
| yargs-parser 2.4.1 | CVE-2020-7608 | |
| Chownr 1.0.1 | CVE-2017-18869 |
PPDM AppAgents
| Third Party Component | CVEs | More Information |
| SQLite 3.38.1 SQLite 3.39.4 |
CVE-2022-35737 CVE-2022-46908 |
See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| Zlib 1.2.11 | CVE-2022-37434 CVE-2018-25032 |
|
| Libxml 2.9.14 | CVE-2022-40304 CVE-2022-40303 |
|
| Libcurl 7.86 | CVE-2022-43551 CVE-2022-43552 |
Operating System Components CVE Details:
PPDM Core
PPDM-UI
PPDM Cloud Disaster Recovery
PPDM Kubernetes cProxy
PPDM Native Reporting
Cloud Snapshot Manager
PPDM AppAgents
| Third Party Component | CVEs | More Information |
| libpython3_6m1_0=3.6.15-32.2 python36-base=3.6.15-32.2 python36=3.6.15-32.2 |
CVE-2022-37454 | See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| bind-utils=9.11.22-3.43.1 libbind9-161=9.11.22-3.43.1 libdns1110=9.11.22-3.43.1 libirs161=9.11.22-3.43.1 libisc1107=9.11.22-3.43.1 libisccc161=9.11.22-3.43.1 libisccfg163=9.11.22-3.43.1 liblwres161=9.11.22-3.43.1 python-bind=9.11.22-3.43.1 |
CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 |
|
| tar-lang=1.27.1-15.18.1 tar=1.27.1-15.18.1 |
CVE-2022-48303 | |
| samba-client-libs=4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-python3=4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs=4.15.13+git.534.0d9f8ece26-3.77.1 |
CVE-2021-20251 CVE-2022-38023 |
|
| libtirpc-netconfig=1.0.1-17.24.1 libtirpc3=1.0.1-17.24.1 |
CVE-2021-46828 | |
| dbus-1-x11=1.8.22-41.1 dbus-1=1.8.22-41.1 libdbus-1-3=1.8.22-41.1 |
CVE-2022-42010 | |
| libopenssl1_0_0=1.0.2p-3.64.1 libopenssl1_1=1.1.1d-2.75.1 openssl-1_0_0=1.0.2p-3.64.1 |
CVE-2023-0286 | |
| libsqlite3-0=3.39.3-9.26.1 sqlite3-tcl=3.39.3-9.26.1 |
CVE-2022-46908 | |
| libmspack0=0.4-15.13.1 | CVE-2018-18586 | |
| glibc-i18ndata=2.22-114.22.1 glibc-locale=2.22-114.22.1 glibc=2.22-114.22.1 |
CVE-2015-8985 | |
| emacs-info=24.3-25.9.1 emacs-nox=24.3-25.9.1 emacs=24.3-25.9.1 etags=24.3-25.9.1 |
CVE-2022-45939 | |
| git-core=2.26.2-27.66.1 | CVE-2023-22490 | |
| grub2-i386-pc=2.02-156.1 grub2-snapper-plugin=2.02-156.1 grub2-systemd-sleep-plugin=2.02-156.1 grub2=2.02-156.1 |
CVE-2022-2601 CVE-2022-3775 |
|
| expat=2.1.0-21.28.1 libexpat1=2.1.0-21.28.1 |
CVE-2022-43680 | |
| libxml2-2=2.9.4-46.59.2 libxml2-tools=2.9.4-46.59.2 |
CVE-2022-40303 | |
| python3-setuptools=40.6.2-4.21.1 python36-setuptools=44.1.1-8.6.1 |
CVE-2022-40897 | |
| libpython3_4m1_0=3.4.10-25.105.1 python3-base=3.4.10-25.105.1 |
CVE-2022-40899 | |
| w3m=0.5.3.git20161120-161.6.1 | CVE-2022-38223 | |
| containerd=1.6.12-16.68.1 | CVE-2022-23471 CVE-2022-27191 |
|
| libX11-6=1.6.2-12.24.1 libX11-data=1.6.2-12.24.1 |
CVE-2022-3554 CVE-2022-3555 |
|
| libsnmp30=5.7.3-11.6.1 net-snmp=5.7.3-11.6.1 perl-SNMP=5.7.3-11.6.1 snmp-mibs=5.7.3-11.6.1 |
CVE-2022-44793 | |
| vim-data-common=9.0.1234-17.12.1 vim-data=9.0.1234-17.12.1 vim=9.0.1234-17.12.1 |
CVE-2021-3928 CVE-2022-3234 CVE-2022-3235 CVE-2022-3324 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 |
|
| rpm=4.11.2-16.26.1 | CVE-2021-20271 CVE-2021-3421 |
|
| java-11-openjdk-headless=11.0.18.0-3.52.1 | CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843 |
|
| libfreebl3-hmac=3.79.4-58.94.1 libfreebl3=3.79.4-58.94.1 libsoftokn3-hmac=3.79.4-58.94.1 libsoftokn3=3.79.4-58.94.1 mozilla-nss-certs=3.79.4-58.94.1 mozilla-nss=3.79.4-58.94.1 |
CVE-2022-23491 CVE-2022-3479 CVE-2023-0767 |
|
| krb5=1.12.5-40.46.1 | CVE-2022-42898 | |
| sudo=1.8.27-4.33.1 | CVE-2023-22809 | |
| libpython2_7-1_0=2.7.18-33.17.1 python-base=2.7.18-33.17.1 python-xml=2.7.18-33.17.1 python3=3.4.10-25.105.1 |
CVE-2022-45061 | |
| libksba8=1.3.0-24.6.1 | CVE-2022-47629 | |
| curl=7.60.0-11.55.1 libcurl4=7.60.0-11.55.1 |
CVE-2023-23916 | |
| libsystemd0=228-157.49.1 libudev1=228-157.49.1 systemd-bash-completion=228-157.49.1 systemd-sysvinit=228-157.49.1 systemd=228-157.49.1 udev=228-157.49.1 |
CVE-2022-4415 | |
| ucode-intel=20230214-3.49.1 | CVE-2022-21216 CVE-2022-33196 CVE-2022-38090 |
|
| libtasn1-6=4.9-3.13.1 libtasn1=4.9-3.13.1 |
CVE-2021-46848 | |
| python3-py=1.8.1-11.15.2 | CVE-2020-29651 CVE-2022-42969 |
|
| kernel-default=4.12.14-122.147.1 | CVE-2023-23454 | |
| libdb-4_8=4.8.30-33.1 | CVE-2019-2708 | |
| dhcp-client=4.3.3-10.28.1 dhcp=4.3.3-10.28.1 |
CVE-2022-2928 CVE-2022-2929 |
|
| kpartx=0.7.9+232+suse.cbc3754-3.14.1 | CVE-2022-41973 | |
| libpq5=15.2-3.6.1 postgresql14-server=14.7-3.20.1 postgresql14=14.7-3.20.1 |
CVE-2022-41862 |
PPDM Core
| Third Party Component | CVEs | More Information |
| jettison-1.1/jettison-1.4 Jettison - Json Stax implementation1.1 |
CVE-2022-40149 CVE-2022-40150 |
See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| XStream1.4.19 | CVE-2022-40151 CVE-2022-40152 CVE-2022-41966 |
|
| snakeyaml-1.30 | CVE-2022-25857 | |
| jackson-databind2.13.4 | CVE-2022-42003 | |
| Apache Commons JXPath1.3 | CVE-2022-41852 CVE-2022-40159 CVE-2022-40157 CVE-2022-40160 CVE-2022-40161 CVE-2022-40158 |
|
| Apache Commons Text1.9 | CVE-2022-42889 | |
| Spring Security5.7.4 | CVE-2022-31692 CVE-2022-31690 |
|
| PostgreSQL JDBC Driver (pgjdbc)42.4.2 | CVE-2022-41946 | |
| zip4j 2.10.0/zip4j 2.11.2 | CVE-2023-22899 |
PPDM-UI
| Third-Party Component | CVEs | More Information |
| engine io 6.2.0 | CVE-2022-41940 | See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| glob-parent 5.1.2 | CVE-2020-28469 | |
| jszip 3.7.1 | CVE-2022-48285 | |
| minimatch 3.0.4 | CVE-2022-3517 | |
| qs 6.5.2 | CVE-2022-24999 | |
| sindresorhus/got 9.6.0 | CVE-2021-33502 | |
| socket io-parser 4.0.4 | CVE-2022-2421 | |
| terser 5.11.0 | CVE-2022-25858 |
PPDM Cloud Disaster Recovery
| Third Party Component | CVEs | More Information |
| Spring Security 5.5.7 | CVE-2022-31690 | See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| jackson-databind 2.13.4 | CVE-2022-42003 | |
| spring_framework_version 5.3.23 | CVE-2016-1000027 | |
| snake_yaml_version 1.31 | CVE-2022-41854 CVE-2022-38752 |
|
| jettison_version 1.5.1 | CVE-2022-45693 CVE-2022-45685 |
|
| hsql 2.6.1 | CVE-2022-41853 |
PPDM Kubernetes cProxy
| Third Party Component | CVEs | More Information |
| curl <v7.88.0 | CVE-2023-23916 | See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| GNU Tar 1.27.1-15.15.1 | CVE-2022-48303 |
PPDM Native Reporting
| Third Party Component | CVEs | More Information |
| Apache POI 2.5.1/Apache POI 3.10-beta2 | CVE-2017-12626 CVE-2019-12415 CVE-2016-5000 CVE-2022-26336 CVE-2017-5644 CVE-2012-0213 CVE-2014-9527 CVE-2014-3574 CVE-2014-3529 |
See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| BeanShell 2.0b4 | CVE-2016-2510 | |
| Jsoup 1.7.3 | CVE-2021-37714 CVE-2022-36033 CVE-2015-6748 |
|
| libplexus-utils 2.0.5/ libplexus-utils 1.5.15 | CVE-2017-1000487 | |
| Maven Shared Utils 0.1 Maven Shared Utils 0.4 Maven Shared Utils 0.7 |
CVE-2022-29599 | |
| XMLBeans 2.3.0 | CVE-2021-23926 |
Cloud Snapshot Manager
| Third Party Component | CVEs | More Information |
| cryptiles 3.1.2 | CVE-2018-1000620 | See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| deep-extend 0.4.2 | CVE-2018-3750 | |
| extend 3.0.1 | CVE-2018-16492 CVE-2018-16492 |
|
| Handlebars.js 4.0.11 | CVE-2021-23369 CVE-2021-23383 CVE-2019-19919 |
|
| json-schema 0.2.3 | CVE-2021-3918 | |
| knex 0.14.6 | CVE-2019-10757 CVE-2019-10757 |
|
| Lodash 4.17.10 | CVE-2019-10744 CVE-2021-23337 |
|
| minimist 1.2.0 | CVE-2021-44906 | |
| mixin-deep 1.3.1 | CVE-2019-10746 | |
| set-value 0.4.3 | CVE-2021-23440 CVE-2019-10747 |
|
| y18n 4.0.0 | CVE-2020-7774 | |
| yeikos/js.merge 1.2.0 | CVE-2020-28499 | |
| ansi-regex 4.1.0 | CVE-2021-3807 | |
| Async 2.6.0 | CVE-2021-43138 | |
| axios 0.18.1 | CVE-2021-3749 | |
| dicer 0.2.5 | CVE-2022-24434 | |
| dot-prop 4.2.0 | CVE-2020-8116 | |
| doTJS v1.1.2 | CVE-2020-8141 | |
| glob-parent 2.0.0 | CVE-2020-28469 | |
| hueniverse/hawk 6.0.2 | CVE-2022-29167 | |
| ini 1.3.5 | CVE-2020-7788 | |
| kind-of 6.0.2 | CVE-2019-20149 | |
| knowledgecode/date-and-time 0.11.1 | CVE-2020-26289 | |
| moment/moment 2.24.0 | CVE-2022-24785 CVE-2022-31129 |
|
| node-forge 0.8.4 | CVE-2022-24771 CVE-2022-24772 CVE-2020-7720 |
|
| Nodemailerv 6.4.18 | CVE-2021-23400 | |
| path-parse 1.0.5 | CVE-2021-23343 | |
| pathval 1.1.0 | CVE-2020-7751 | |
| redis 2.8.0 | CVE-2021-29469 | |
| simple-getv 3.1.0 | CVE-2022-0355 | |
| tar v4.4.10 | CVE-2021-32803 CVE-2021-32804 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 |
|
| tmpl 1.0.4 | CVE-2021-3777 | |
| Underscore.js 1.9.1 | CVE-2021-23358 | |
| validator.js 9.4.1 | CVE-2021-3765 | |
| ajv 5.5.2 | CVE-2020-15366 | |
| bl 4.0.2 | CVE-2020-8244 | |
| debug-js/debug 2.2.0 | CVE-2017-16137 | |
| follow-redirects 1.7.0 | CVE-2022-0155 CVE-2022-0536 |
|
| hosted-git-info 2.7.1 | CVE-2021-23362 | |
| jszip 3.2.2 | CVE-2021-21366 CVE-2021-32796 |
|
| micromatch/braces 1.8.5 | CVE-2018-1109 | |
| mikaelbr/node-notifier 5.2.1 | CVE-2020-7789 | |
| node-fetch 2.6.0 | CVE-2020-15168 CVE-2022-0235 |
|
| Passport.js 0.3.2 | CVE-2022-25896 | |
| randomatic 1.1.7 | CVE-2017-16028 | |
| stringstream 0.0.5 | CVE-2018-21270 | |
| undefsafe 2.0.2 | CVE-2019-10795 | |
| xmldom 0.1.27 | CVE-2021-21366 CVE-2021-32796 |
|
| yargs-parser 2.4.1 | CVE-2020-7608 | |
| Chownr 1.0.1 | CVE-2017-18869 |
PPDM AppAgents
| Third Party Component | CVEs | More Information |
| SQLite 3.38.1 SQLite 3.39.4 |
CVE-2022-35737 CVE-2022-46908 |
See NVD ( http://nvd.nist.gov/) for individual scores for Each CVE |
| Zlib 1.2.11 | CVE-2022-37434 CVE-2018-25032 |
|
| Libxml 2.9.14 | CVE-2022-40304 CVE-2022-40303 |
|
| Libcurl 7.86 | CVE-2022-43551 CVE-2022-43552 |
Affected Products & Remediation
| Product | Affected Versions | Updated Version | Link to Update |
| Dell PowerProtect Data Manager | 19.12 and earlier | 19.13 and later | PPDM 19.13 drivers and downloads |
| Dell PowerProtect Data Manager Appliance (DM5500) | 5.12 | 5.13 | DM5500 5.13 Downloads |
| Product | Affected Versions | Updated Version | Link to Update |
| Dell PowerProtect Data Manager | 19.12 and earlier | 19.13 and later | PPDM 19.13 drivers and downloads |
| Dell PowerProtect Data Manager Appliance (DM5500) | 5.12 | 5.13 | DM5500 5.13 Downloads |
Revision History
| Revision | Date | Description |
| 1.0 | 2023-04-03 | Initial Release |
| 2.0 | 2023-05-05 | Added New Product Under "Affected Products and Remediation" Section |
Related Information
Legal Disclaimer
Affected Products
PowerProtect Data Manager Appliance, PowerProtect Data Manager, Product Security InformationArticle Properties
Article Number: 000211965
Article Type: Dell Security Advisory
Last Modified: 19 Sept 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.