DSA-2024-280: Security Update for Dell Avamar and Dell Avamar Virtual Edition Multiple Security Vulnerabilities.

Table of Contents

Detailed Article

Impact

Affected Products & Remediation

Revision History

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell Avamar and Dell Avamar Virtual Edition remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Third-party Component	CVEs	More Information
Apache Ant	CVE-2020-11979, CVE-2021-36374	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Apache Struts	CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server	CVE-2023-41900	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
SnakeYAML	CVE-2017-18640	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Dozer	CVE-2014-9515	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed	Product	Software/Firmware	Affected Version(s)	Remediated Version	Link
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Dell Avamar Data Store Gen5A, Gen4T	Dell Avamar operating system	Versions 19.4, 19.7,19.8,19.9 and 19.10	Avamar 19.10 SP1	https://dl.dell.com/downloads/KYC7K_Avamar-19.10-SP1-for-Server-and-AVE-Upgrades.avp
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Avamar Virtual Edition for VMware ESXi and vSphere	Dell Avamar operating system	Versions 19.4, 19.7,19.8,19.9 and 19.10	Avamar 19.10 SP1	https://dl.dell.com/downloads/NRDN1_Avamar-19.10-SP1-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Avamar Virtual Edition for VMware vSphere only	Dell Avamar operating system	Versions 19.4, 19.7,19.8,19.9 and 19.10	Avamar 19.10 SP1	https://dl.dell.com/downloads/V0RPW_Avamar-19.10-SP1-Virtual-Edition-for-VMware-vSphere-only.ova
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Avamar Virtual Edition for Hyper-V 2012	Dell Avamar operating system	Versions 19.4, 19.7,19.8,19.9 and 19.10	Avamar 19.10 SP1	https://dl.dell.com/downloads/X59J2_Avamar-19.10-SP1-Virtual-Edition-for-Hyper-V-2012.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019	Dell Avamar operating system	Versions 19.4, 19.7,19.8,19.9 and 19.10	Avamar 19.10 SP1	https://dl.dell.com/downloads/163H4_Avamar-19.10-SP1-Virtual-Edition-for-Hyper-V-2012R2,-Hyper-V-2016,-and-Hyper-V-2019.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Avamar Virtual Edition for KVM/Open Stack KVM	Dell Avamar operating system	Versions 19.4, 19.7,19.8,19.9 and 19.10	Avamar 19.10 SP1	https://dl.dell.com/downloads/D3F1V_Avamar-19.10-SP1-Virtual-Edition-for-KVM-OpenStack-KVM.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Dell PowerProtect DP Series Appliance (Integrated Data Protection Appliance)	Dell Avamar operating system	Versions 2.7.0 through 2.7.6	Version 2.7.7	https://dl.dell.com/downloads/NGXWR_PowerProtect-DP-Series-IDPA-2.7.7-Upgrade-for-DP4400-and-DP5900-Appliances.gz

CVEs Addressed	Product	Software/Firmware	Affected Version(s)	Remediated Version	Link
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Dell Avamar Data Store Gen5A, Gen4T	Dell Avamar operating system	Versions 19.4, 19.7,19.8,19.9 and 19.10	Avamar 19.10 SP1	https://dl.dell.com/downloads/KYC7K_Avamar-19.10-SP1-for-Server-and-AVE-Upgrades.avp
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Avamar Virtual Edition for VMware ESXi and vSphere	Dell Avamar operating system	Versions 19.4, 19.7,19.8,19.9 and 19.10	Avamar 19.10 SP1	https://dl.dell.com/downloads/NRDN1_Avamar-19.10-SP1-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Avamar Virtual Edition for VMware vSphere only	Dell Avamar operating system	Versions 19.4, 19.7,19.8,19.9 and 19.10	Avamar 19.10 SP1	https://dl.dell.com/downloads/V0RPW_Avamar-19.10-SP1-Virtual-Edition-for-VMware-vSphere-only.ova
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Avamar Virtual Edition for Hyper-V 2012	Dell Avamar operating system	Versions 19.4, 19.7,19.8,19.9 and 19.10	Avamar 19.10 SP1	https://dl.dell.com/downloads/X59J2_Avamar-19.10-SP1-Virtual-Edition-for-Hyper-V-2012.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019	Dell Avamar operating system	Versions 19.4, 19.7,19.8,19.9 and 19.10	Avamar 19.10 SP1	https://dl.dell.com/downloads/163H4_Avamar-19.10-SP1-Virtual-Edition-for-Hyper-V-2012R2,-Hyper-V-2016,-and-Hyper-V-2019.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Avamar Virtual Edition for KVM/Open Stack KVM	Dell Avamar operating system	Versions 19.4, 19.7,19.8,19.9 and 19.10	Avamar 19.10 SP1	https://dl.dell.com/downloads/D3F1V_Avamar-19.10-SP1-Virtual-Edition-for-KVM-OpenStack-KVM.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640, CVE-2014-9515	Dell PowerProtect DP Series Appliance (Integrated Data Protection Appliance)	Dell Avamar operating system	Versions 2.7.0 through 2.7.6	Version 2.7.7	https://dl.dell.com/downloads/NGXWR_PowerProtect-DP-Series-IDPA-2.7.7-Upgrade-for-DP4400-and-DP5900-Appliances.gz

The CVEs remedied by this security update are listed. The list not only have the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.
The OS Rollup 2024 R1 CVE are also remediated by this release. DSA-2024-198
Dell recommends that you always upgrade to the latest release/version for your product.
To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/product-support/product/avamar/drivers
Version19.10 SP1 will resolve the issues on proxy as well as AVE and ADS

Revision History

Revision	Date	Description
1.0	2024-06-26	Initial Release
2.0	2024-08-20	Updated Advisory stating that version 19.10 SP1 will address issues related to the proxy, AVE, and ADS.
3.0	2024-08-28	Updated Advisory as IDPA has announced the release of Version 2.7.7, which includes fixes for the disclosed vulnerability
4.0	2025-02-24	Updated the advisory with Third-Party component details for CVE-2014-9515

Related Information

Legal Disclaimer

Affected Products

Avamar, PowerProtect Data Protection Appliance, Avamar, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Server, Avamar Virtual Edition, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family , PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security Information ...

Article Number: 000226407

Article Type: Dell Security Advisory

Last Modified: 09 Sept 2025

Check if your device is covered by Support Services.

DSA-2024-280: Security Update for Dell Avamar and Dell Avamar Virtual Edition Multiple Security Vulnerabilities.

Summary: Dell Avamar and Dell Avamar Virtual Edition remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Impact

Details

Affected Products & Remediation

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services