DSA-2021-181: Dell EMC PowerProtect Data Manager Update for Multiple Security Vulnerabilities

Summary: Dell EMC PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected systems.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third-party Component  CVE(s) More Information
MyBatis 3.4.4 CVE-2020-26945 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Spring Cloud Netflix Zuul2.2.6.RELEASE CVE-2021-22113
json-smart 2.3 CVE-2021-27568
AWS SDK for Node.js v2.596.0 CVE-2020-28472
css-whatv4.0.0/css-whatv3.4.2 CVE-2021-33587
einaros/ws 6.2.2 CVE-2021-32640
engine.io 3.5.0  CVE-2020-36048 
glob-parent 3.1.0 CVE-2020-28469
normalize_url v4.5.0/ normalize_url3.3.0 CVE-2021-33502
path-parse 1.0.6 CVE-2021-23343
PostCSS 7.0.35 CVE-2021-23382
CVE-2021-23368
Socket.IO Parser 3.3.2 CVE-2020-36049
UAParser.js 0.7.21 CVE-2021-27292
CVE-2020-7793
 
CVE-2020-7733 
Apache Commons Compress 1.20 CVE-2021-36090
CVE-2021-35517
CVE-2021-35516
CVE-2021-35515
Expression Language 3.03.0.3 CVE-2021-28170
HashiCorp Consul v1.1.0 CVE-2020-7219
GoLang 1.16 CVE-2021-34558
CVE-2021-33198
CVE-2021-33197
CVE-2021-33196
CVE-2021-33195
CVE-2021-33194
CVE-2021-31525
CVE-2021-27919
CVE-2021-27918
CVE-2021-3121
CVE-2020-29652
CVE-2020-29511
CVE-2020-29510
CVE-2020-29509
CVE-2020-28852
CVE-2020-28851
libgcrypt20=1.6.1-16.77.1 CVE-2021-33560
libsystemd0=228-157.30.1
libudev1=228-157.30.1
systemd-bash-completion=228-157.30.1
systemd-sysvinit=228-157.30.1
systemd=228-157.30.1
udev=228-157.30.1		 CVE-2021-33910
containerd=1.4.4-16.42.1 CVE-2021-21334
CVE-2021-32760
python3-urllib3=1.25.10-3.29.1 CVE-2021-33503
bind-utils=9.11.22-3.34.1
libbind9-161=9.11.22-3.34.1
libdns1110=9.11.22-3.34.1
libirs161=9.11.22-3.34.1
libisc1107=9.11.22-3.34.1
libisccc161=9.11.22-3.34.1
libisccfg163=9.11.22-3.34.1
liblwres161=9.11.22-3.34.1
python-bind=9.11.22-3.34.1		 CVE-2021-25214
CVE-2021-25215
CVE-2021-25216
dhcp-client=4.3.3-10.22.1
dhcp=4.3.3-10.22.1		 CVE-2021-25217
libX11-6=1.6.2-12.21.1
libX11-data=1.6.2-12.21.1		 CVE-2021-31535
kernel-default=4.12.14-122.83.1 CVE-2020-0429
CVE-2021-3659
libmspack0=0.4-15.10.1 CVE-2018-14681
glibc-i18ndata=2.22-114.12.1
glibc-locale=2.22-114.12.1
glibc=2.22-114.12.1		 CVE-2016-10228
CVE-2020-27618
CVE-2020-29562
CVE-2020-29573
CVE-2021-35942
libpython3_6m1_0=3.6.13-4.42.1
python36-base=3.6.13-4.42.1
python36=3.6.13-4.42.1		 CVE-2021-3426
ucode-intel=20210525-3.35.1 CVE-2020-24489
CVE-2020-24511
CVE-2020-24512
CVE-2020-24513
libpolkit0=0.113-5.21.1
polkit=0.113-5.21.1		 CVE-2021-3560
libxml2-2=2.9.4-46.46.1
libxml2-tools=2.9.4-46.46.1		 CVE-2021-3541
libhogweed2=2.7.1-13.6.1
libnettle4=2.7.1-13.6.1		 CVE-2021-3580
libjpeg8=8.1.2-31.25.1 CVE-2020-17541
python3-PyYAML=5.3.1-28.4.3 CVE-2020-14343
postgresql10-server=10.17-4.16.4
postgresql10=10.17-4.16.4		 CVE-2021-32027
CVE-2021-32028
dbus-1-x11=1.8.22-35.2
dbus-1=1.8.22-35.2
libdbus-1-3=1.8.22-35.2		 CVE-2020-35512
java-1_8_0-openjdk-headless=1.8.0.292-27.60.1 CVE-2021-2163
libpq5=13.3-3.9.3 CVE-2021-32027
CVE-2021-32028
CVE-2021-32029
curl=7.60.0-11.23.1
libcurl4=7.60.0-11.23.1		 CVE-2021-22925
cpio-lang=2.11-36.9.2
cpio=2.11-36.9.2		 CVE-2021-38185
libsolv-tools=0.6.37-2.33.1 CVE-2019-20387
CVE-2021-3200
sudo >= 1.8.27-4.15.1 CVE-2021-3156
Third-party Component  CVE(s) More Information
MyBatis 3.4.4 CVE-2020-26945 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Spring Cloud Netflix Zuul2.2.6.RELEASE CVE-2021-22113
json-smart 2.3 CVE-2021-27568
AWS SDK for Node.js v2.596.0 CVE-2020-28472
css-whatv4.0.0/css-whatv3.4.2 CVE-2021-33587
einaros/ws 6.2.2 CVE-2021-32640
engine.io 3.5.0  CVE-2020-36048 
glob-parent 3.1.0 CVE-2020-28469
normalize_url v4.5.0/ normalize_url3.3.0 CVE-2021-33502
path-parse 1.0.6 CVE-2021-23343
PostCSS 7.0.35 CVE-2021-23382
CVE-2021-23368
Socket.IO Parser 3.3.2 CVE-2020-36049
UAParser.js 0.7.21 CVE-2021-27292
CVE-2020-7793
 
CVE-2020-7733 
Apache Commons Compress 1.20 CVE-2021-36090
CVE-2021-35517
CVE-2021-35516
CVE-2021-35515
Expression Language 3.03.0.3 CVE-2021-28170
HashiCorp Consul v1.1.0 CVE-2020-7219
GoLang 1.16 CVE-2021-34558
CVE-2021-33198
CVE-2021-33197
CVE-2021-33196
CVE-2021-33195
CVE-2021-33194
CVE-2021-31525
CVE-2021-27919
CVE-2021-27918
CVE-2021-3121
CVE-2020-29652
CVE-2020-29511
CVE-2020-29510
CVE-2020-29509
CVE-2020-28852
CVE-2020-28851
libgcrypt20=1.6.1-16.77.1 CVE-2021-33560
libsystemd0=228-157.30.1
libudev1=228-157.30.1
systemd-bash-completion=228-157.30.1
systemd-sysvinit=228-157.30.1
systemd=228-157.30.1
udev=228-157.30.1		 CVE-2021-33910
containerd=1.4.4-16.42.1 CVE-2021-21334
CVE-2021-32760
python3-urllib3=1.25.10-3.29.1 CVE-2021-33503
bind-utils=9.11.22-3.34.1
libbind9-161=9.11.22-3.34.1
libdns1110=9.11.22-3.34.1
libirs161=9.11.22-3.34.1
libisc1107=9.11.22-3.34.1
libisccc161=9.11.22-3.34.1
libisccfg163=9.11.22-3.34.1
liblwres161=9.11.22-3.34.1
python-bind=9.11.22-3.34.1		 CVE-2021-25214
CVE-2021-25215
CVE-2021-25216
dhcp-client=4.3.3-10.22.1
dhcp=4.3.3-10.22.1		 CVE-2021-25217
libX11-6=1.6.2-12.21.1
libX11-data=1.6.2-12.21.1		 CVE-2021-31535
kernel-default=4.12.14-122.83.1 CVE-2020-0429
CVE-2021-3659
libmspack0=0.4-15.10.1 CVE-2018-14681
glibc-i18ndata=2.22-114.12.1
glibc-locale=2.22-114.12.1
glibc=2.22-114.12.1		 CVE-2016-10228
CVE-2020-27618
CVE-2020-29562
CVE-2020-29573
CVE-2021-35942
libpython3_6m1_0=3.6.13-4.42.1
python36-base=3.6.13-4.42.1
python36=3.6.13-4.42.1		 CVE-2021-3426
ucode-intel=20210525-3.35.1 CVE-2020-24489
CVE-2020-24511
CVE-2020-24512
CVE-2020-24513
libpolkit0=0.113-5.21.1
polkit=0.113-5.21.1		 CVE-2021-3560
libxml2-2=2.9.4-46.46.1
libxml2-tools=2.9.4-46.46.1		 CVE-2021-3541
libhogweed2=2.7.1-13.6.1
libnettle4=2.7.1-13.6.1		 CVE-2021-3580
libjpeg8=8.1.2-31.25.1 CVE-2020-17541
python3-PyYAML=5.3.1-28.4.3 CVE-2020-14343
postgresql10-server=10.17-4.16.4
postgresql10=10.17-4.16.4		 CVE-2021-32027
CVE-2021-32028
dbus-1-x11=1.8.22-35.2
dbus-1=1.8.22-35.2
libdbus-1-3=1.8.22-35.2		 CVE-2020-35512
java-1_8_0-openjdk-headless=1.8.0.292-27.60.1 CVE-2021-2163
libpq5=13.3-3.9.3 CVE-2021-32027
CVE-2021-32028
CVE-2021-32029
curl=7.60.0-11.23.1
libcurl4=7.60.0-11.23.1		 CVE-2021-22925
cpio-lang=2.11-36.9.2
cpio=2.11-36.9.2		 CVE-2021-38185
libsolv-tools=0.6.37-2.33.1 CVE-2019-20387
CVE-2021-3200
sudo >= 1.8.27-4.15.1 CVE-2021-3156
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Version(s) Updated Version(s) Link to Update
Dell EMC PowerProtect Data Manager 19.8 and prior 19.9 Contact Customer Support
Product Affected Version(s) Updated Version(s) Link to Update
Dell EMC PowerProtect Data Manager 19.8 and prior 19.9 Contact Customer Support

Workarounds & Mitigations

None.

Revision History

RevisionDateDescription
1.02021-09-27Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

PowerProtect Data Manager, Product Security Information
Article Properties
Article Number: 000191930
Article Type: Dell Security Advisory
Last Modified: 27 Sep 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.