
Article Number: 000187283


DSA-2021-105: Dell Power Protect Data Manager Update for Multiple Third-Party Components Vulnerabilities

Summary: Dell Power Protect Data Manager remediation is available for multiple third-party component vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

High

Details

| Third-party Component | CVE(s) | More information |
|---|---|---|
| json-sanitizer | CVE-2021-23899, CVE-2021-23900 | OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents. OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations. |
| OpenSSL | CVE-2020-1971 | |
| SuSE | CVE-2020-28374, CVE-2020-36158, CVE-2020-27825, CVE-2020-0466, CVE-2020-27068, CVE-2020-0465, CVE-2020-0444, CVE-2020-29660, CVE-2020-29661, CVE-2020-27777, CVE-2019-20934, CVE-2020-27786, CVE-2020-4788, CVE-2018-20669 | |
| Open JDK JRE | CVE-2020-14803 (JDK-8247619) | https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-January/013337.html |
 
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| Dell Power Protect Data Manager | 19.7 and earlier | 19.8 | |
 
 

Workarounds and Mitigations

None

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2021-05-24 | Initial Release |

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

PowerProtect Data Manager, Product Security Information

Last Published Date

24 May 2021

Version

1

Article Type

Dell Security Advisory