DSA-2022-105: Dell Avamar Server and Avamar Virtual Edition Security Update for Apache Struts2 Vulnerability

Summary: Dell Avamar Server and Avamar Virtual Edition remediation is available for the Apache Struts2 Vulnerability that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third-party Component CVE More information
Apache Struts2 CVE-2020-17530 https://nvd.nist.gov/vuln/detail/CVE-2020-17530This hyperlink is taking you to a website outside of Dell Technologies.
Third-party Component CVE More information
Apache Struts2 CVE-2020-17530 https://nvd.nist.gov/vuln/detail/CVE-2020-17530This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Updated Versions Update Link
Avamar Server, Avamar Virtual Edition 19.3 and 19.4 19.7 Support for Avamar Server | Drivers & Downloads 
PowerProtect DP Series Appliance and Integrated Data Protection Appliance 2.7.x (Includes Protection Software Avamar version 19.4). 2.7.2 or later with 19.4 MC Hotfix Avamar 19.4 MC Cumulative Hotfix for Avamar Server and Avamar Virtual Edition November 2022 (Hotfix 337055)
2.6.x (Includes Protection Software Avamar 19.3). Apply Protection Software Avamar MC hotfix that is expected to be available for 19.3. Links will be available once the hotfix is released.
 
NOTE: The next Avamar 19.3 MC hotfix will include a fix for the Apache struts vulnerability issue. 
For Integration Data Protection Appliance systems, update to Integration Data Protection Appliance 2.7.2 first before applying the MC Hotfix on Backup Server.
Product Affected Versions Updated Versions Update Link
Avamar Server, Avamar Virtual Edition 19.3 and 19.4 19.7 Support for Avamar Server | Drivers & Downloads 
PowerProtect DP Series Appliance and Integrated Data Protection Appliance 2.7.x (Includes Protection Software Avamar version 19.4). 2.7.2 or later with 19.4 MC Hotfix Avamar 19.4 MC Cumulative Hotfix for Avamar Server and Avamar Virtual Edition November 2022 (Hotfix 337055)
2.6.x (Includes Protection Software Avamar 19.3). Apply Protection Software Avamar MC hotfix that is expected to be available for 19.3. Links will be available once the hotfix is released.
 
NOTE: The next Avamar 19.3 MC hotfix will include a fix for the Apache struts vulnerability issue. 
For Integration Data Protection Appliance systems, update to Integration Data Protection Appliance 2.7.2 first before applying the MC Hotfix on Backup Server.

Revision History

RevisionDateDescription 
1.02022-08-12Initial Release 
2.02022-09-01Added prior releases note and added TBD for affected version. 
3.02022-09-07Note about next MC ETA 
4.02022-11-09Minor Change (Affected Version Column and Note) 
5.02022-12-12Changes in Updated Links Column and Notes Section 
6.02023-03-01Minor Changes in Summary and Title 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

PowerProtect Data Protection Appliance, Avamar Server, Avamar Virtual Edition, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software , PowerProtect Software, Product Security Information ...
Article Properties
Article Number: 000202650
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.