DSA-2021-105: Dell PowerProtect Data Manager Update for Multiple Third-Party Components Vulnerabilities

Summary: Dell PowerProtect Data Manager remediation is available for multiple third-party component vulnerabilities that may be exploited by malicious users to compromise the affected system.


Impact

High

Details

Third-party Component: json-sanitizer
CVE(s): CVE-2021-23899, CVE-2021-23900
More information:
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

Third-party Component: OpenSSL
CVE(s): CVE-2020-1971

Third-party Component: SuSE
CVE(s): CVE-2020-28374, CVE-2020-36158, CVE-2020-27825, CVE-2020-0466, CVE-2020-27068, CVE-2020-0465, CVE-2020-0444, CVE-2020-29660, CVE-2020-29661, CVE-2020-27777, CVE-2019-20934, CVE-2020-27786, CVE-2020-4788, CVE-2018-20669

Third-party Component: Open JDK JRE
CVE(s): CVE-2020-14803 (JDK-8247619)
More information: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-January/013337.html
 
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product: Dell PowerProtect Data Manager
Affected Version(s): 19.7 and earlier
Updated Version(s): 19.8
 
 

Workarounds & Mitigations

None

Revision History

Revision: 1.0
Date: 2021-05-24
Description: Initial Release

Related Information

Affected Products

PowerProtect Data Manager, Product Security Information

Article Properties

Article Number: 000187283
Article Type: Dell Security Advisory
Last Modified: 28 Aug 2025