DSA-2022-296: Dell PowerProtect Data Manager Update for Multiple Security Vulnerabilities
Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
Operating System Components CVEs Details:
Third-party Open-Source Components CVEs Details:
| Operating System Components | CVEs | More Information |
| puppet=3.8.5-15.18.1 | CVE-2021-27023 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| rsyslog-module-gtls=8.2106.0-8.11.2 rsyslog=8.2106.0-8.11.2 |
CVE-2022-24903 | |
| libz1=1.2.11-11.22.1 | CVE-2022-37434 | |
| libvmtools0=12.1.0-4.45.1 open-vm-tools=12.1.0-4.45.1 |
CVE-2022-31676 | |
| libnl-config=3.2.23-4.7.1 libnl3-200=3.2.23-4.7.1 |
CVE-2017-0386 | |
| unzip=6.00-33.16.1 | CVE-2022-0530 | |
| samba-client-libs=4.15.8+git.473.1a1018e0a0b-3.71.2 | CVE-2022-1615 CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 | |
| libpcre1=8.45-8.12.1 | CVE-2022-1586 | |
| runc=1.1.3-16.21.1 | CVE-2022-29162 | |
| libpython2_7-1_0=2.7.18-33.11.1 libpython3_4m1_0=3.4.10-25.93.1 python-base=2.7.18-33.11.1 python-xml=2.7.18-33.11.1 python3-base=3.4.10-25.93.1 python3=3.4.10-25.93.1 |
CVE-2015-20107 | |
| rsync=3.1.3-3.9.1 | CVE-2022-29154 | |
| grub2-i386-pc=2.02-143.2 grub2-snapper-plugin=2.02-143.2 grub2-systemd-sleep-plugin=2.02-143.2 grub2=2.02-143.2 |
CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28736 |
|
| libp11-kit0=0.23.2-8.10.1 p11-kit-tools=0.23.2-8.10.1 p11-kit=0.23.2-8.10.1 |
CVE-2020-29362 | |
| kernel-default=4.12.14-122.133.1 | CVE-2022-21385 CVE-2022-3028 |
|
| containerd=1.6.6-16.62.1 | CVE-2022-31030 | |
| ucode-intel=20220809-3.46.1 | CVE-2022-21233 | |
| libjson-c2=0.12.1-4.3.1 | CVE-2013-6371 CVE-2020-12762 |
|
| perl-HTTP-Daemon=6.01-9.5.1 | CVE-2022-31081 | |
| libopenssl1_1=1.1.1d-2.69.1 | CVE-2022-2097 | |
| libicu52_1-data=52.1-8.13.1 libicu52_1=52.1-8.13.1 |
CVE-2020-21913 | |
| java-11-openjdk-headless=11.0.16.0-3.46.1 | CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 |
|
| libcroco-0_6-3=0.6.11-12.6.45 | CVE-2020-12825 | |
| logrotate=3.11.0-2.20.1 | CVE-2021-3864 | |
| libpq5=14.5-3.14.9 postgresql10-server=10.22-4.31.1 postgresql10=10.22-4.31.1 postgresql14-server=14.5-3.14.9 postgresql14=14.5-3.14.9 |
CVE-2022-2625 | |
| libncurses5=5.9-78.1 libncurses6=5.9-78.1 ncurses-utils=5.9-78.1 terminfo-base=5.9-78.1 terminfo=5.9-78.1 |
CVE-2022-29458 | |
| expat=2.1.0-21.25.1 libexpat1=2.1.0-21.25.1 |
CVE-2022-40674 | |
| cifs-utils=6.9-13.23.1 | CVE-2022-29869 | |
| libpython3_6m1_0=3.6.15-27.1 python36-base=3.6.15-27.1 python36=3.6.15-27.1 |
CVE-2021-28861 | |
| python3-PyJWT=1.5.3-3.16.1 | CVE-2022-29217 | |
| permissions=20170707-6.10.1 | CVE-2022-31252 | |
| curl=7.60.0-11.46.1 libcurl4=7.60.0-11.46.1 |
CVE-2022-35252 | |
| libsqlite3-0=3.39.3-9.23.1 | CVE-2021-36690 CVE-2022-35737 |
|
| libjpeg8=8.1.2-31.28.1 | CVE-2020-35538 | |
| libpcre2-8-0=10.34-1.10.1 | CVE-2022-1587 | |
| gpg2-lang=2.0.24-9.11.1 gpg2=2.0.24-9.11.1 |
CVE-2022-34903 | |
| git-core=2.26.2-27.57.1 | CVE-2022-29187 | |
| libopenssl1_0_0=1.0.2p-3.56.1 openssl-1_0_0=1.0.2p-3.56.1 |
CVE-2022-1292 CVE-2022-2068 |
Third-party Open-Source Components CVEs Details:
Third-party Component |
CVEs | More Information |
|
moment/moment 2.29.3 |
CVE-2022-31129 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Passport.js0.5.2 | CVE-2022-25896 | |
| Apache Commons Configuration2.7 | CVE-2022-33980 | |
| Apache Tomcat9.0.64 | CVE-2022-34305 | |
| Spring Framework5.3.21 | CVE-2016-1000027 | |
| gson-2.8.5 | CVE-2022-25647 | |
| jackson-databind-2.10.4 | CVE-2020-25649 CVE-2020-36518 CVE-2020-28491 |
|
| netty-tcnative-boringssl-static-2.0.52.Final | CVE-2011-1797 | |
| netty-transport-4.1.66.Final | CVE-2021-37136 CVE-2021-37137 |
|
| okhttp-2.7.5 | CVE-2021-0341 | |
| postgresql-42.3.5 | CVE-2022-31197 | |
| Reactor RabbitMQ: A reactive API for RabbitMQ1.5.4 | CVE-2021-22116 | |
| snakeyaml-1.28 | CVE-2022-25857 | |
| tomcat-embed-core-9.0.62 | CVE-2022-29885 | |
| logback-classic 1.2.3 | CVE-2021-42550 | |
| Golang | CVE-2022-30629 CVE-2022-30580 CVE-2022-1962 CVE-2022-32148 CVE-2022-30635 CVE-2022-30633 CVE-2022-30632 CVE-2022-30631 CVE-2022-32189 |
Operating System Components CVEs Details:
Third-party Open-Source Components CVEs Details:
| Operating System Components | CVEs | More Information |
| puppet=3.8.5-15.18.1 | CVE-2021-27023 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| rsyslog-module-gtls=8.2106.0-8.11.2 rsyslog=8.2106.0-8.11.2 |
CVE-2022-24903 | |
| libz1=1.2.11-11.22.1 | CVE-2022-37434 | |
| libvmtools0=12.1.0-4.45.1 open-vm-tools=12.1.0-4.45.1 |
CVE-2022-31676 | |
| libnl-config=3.2.23-4.7.1 libnl3-200=3.2.23-4.7.1 |
CVE-2017-0386 | |
| unzip=6.00-33.16.1 | CVE-2022-0530 | |
| samba-client-libs=4.15.8+git.473.1a1018e0a0b-3.71.2 | CVE-2022-1615 CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 | |
| libpcre1=8.45-8.12.1 | CVE-2022-1586 | |
| runc=1.1.3-16.21.1 | CVE-2022-29162 | |
| libpython2_7-1_0=2.7.18-33.11.1 libpython3_4m1_0=3.4.10-25.93.1 python-base=2.7.18-33.11.1 python-xml=2.7.18-33.11.1 python3-base=3.4.10-25.93.1 python3=3.4.10-25.93.1 |
CVE-2015-20107 | |
| rsync=3.1.3-3.9.1 | CVE-2022-29154 | |
| grub2-i386-pc=2.02-143.2 grub2-snapper-plugin=2.02-143.2 grub2-systemd-sleep-plugin=2.02-143.2 grub2=2.02-143.2 |
CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28736 |
|
| libp11-kit0=0.23.2-8.10.1 p11-kit-tools=0.23.2-8.10.1 p11-kit=0.23.2-8.10.1 |
CVE-2020-29362 | |
| kernel-default=4.12.14-122.133.1 | CVE-2022-21385 CVE-2022-3028 |
|
| containerd=1.6.6-16.62.1 | CVE-2022-31030 | |
| ucode-intel=20220809-3.46.1 | CVE-2022-21233 | |
| libjson-c2=0.12.1-4.3.1 | CVE-2013-6371 CVE-2020-12762 |
|
| perl-HTTP-Daemon=6.01-9.5.1 | CVE-2022-31081 | |
| libopenssl1_1=1.1.1d-2.69.1 | CVE-2022-2097 | |
| libicu52_1-data=52.1-8.13.1 libicu52_1=52.1-8.13.1 |
CVE-2020-21913 | |
| java-11-openjdk-headless=11.0.16.0-3.46.1 | CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 |
|
| libcroco-0_6-3=0.6.11-12.6.45 | CVE-2020-12825 | |
| logrotate=3.11.0-2.20.1 | CVE-2021-3864 | |
| libpq5=14.5-3.14.9 postgresql10-server=10.22-4.31.1 postgresql10=10.22-4.31.1 postgresql14-server=14.5-3.14.9 postgresql14=14.5-3.14.9 |
CVE-2022-2625 | |
| libncurses5=5.9-78.1 libncurses6=5.9-78.1 ncurses-utils=5.9-78.1 terminfo-base=5.9-78.1 terminfo=5.9-78.1 |
CVE-2022-29458 | |
| expat=2.1.0-21.25.1 libexpat1=2.1.0-21.25.1 |
CVE-2022-40674 | |
| cifs-utils=6.9-13.23.1 | CVE-2022-29869 | |
| libpython3_6m1_0=3.6.15-27.1 python36-base=3.6.15-27.1 python36=3.6.15-27.1 |
CVE-2021-28861 | |
| python3-PyJWT=1.5.3-3.16.1 | CVE-2022-29217 | |
| permissions=20170707-6.10.1 | CVE-2022-31252 | |
| curl=7.60.0-11.46.1 libcurl4=7.60.0-11.46.1 |
CVE-2022-35252 | |
| libsqlite3-0=3.39.3-9.23.1 | CVE-2021-36690 CVE-2022-35737 |
|
| libjpeg8=8.1.2-31.28.1 | CVE-2020-35538 | |
| libpcre2-8-0=10.34-1.10.1 | CVE-2022-1587 | |
| gpg2-lang=2.0.24-9.11.1 gpg2=2.0.24-9.11.1 |
CVE-2022-34903 | |
| git-core=2.26.2-27.57.1 | CVE-2022-29187 | |
| libopenssl1_0_0=1.0.2p-3.56.1 openssl-1_0_0=1.0.2p-3.56.1 |
CVE-2022-1292 CVE-2022-2068 |
Third-party Open-Source Components CVEs Details:
Third-party Component |
CVEs | More Information |
|
moment/moment 2.29.3 |
CVE-2022-31129 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Passport.js0.5.2 | CVE-2022-25896 | |
| Apache Commons Configuration2.7 | CVE-2022-33980 | |
| Apache Tomcat9.0.64 | CVE-2022-34305 | |
| Spring Framework5.3.21 | CVE-2016-1000027 | |
| gson-2.8.5 | CVE-2022-25647 | |
| jackson-databind-2.10.4 | CVE-2020-25649 CVE-2020-36518 CVE-2020-28491 |
|
| netty-tcnative-boringssl-static-2.0.52.Final | CVE-2011-1797 | |
| netty-transport-4.1.66.Final | CVE-2021-37136 CVE-2021-37137 |
|
| okhttp-2.7.5 | CVE-2021-0341 | |
| postgresql-42.3.5 | CVE-2022-31197 | |
| Reactor RabbitMQ: A reactive API for RabbitMQ1.5.4 | CVE-2021-22116 | |
| snakeyaml-1.28 | CVE-2022-25857 | |
| tomcat-embed-core-9.0.62 | CVE-2022-29885 | |
| logback-classic 1.2.3 | CVE-2021-42550 | |
| Golang | CVE-2022-30629 CVE-2022-30580 CVE-2022-1962 CVE-2022-32148 CVE-2022-30635 CVE-2022-30633 CVE-2022-30632 CVE-2022-30631 CVE-2022-32189 |
Affected Products & Remediation
| Product | Affected Versions | Updated Versions | Link to Update | |
| Dell PowerProtect Data Manager | 19.11 and earlier | 19.12 and later | PowerProtect Data Manager 19.12 drivers and downloads. | |
Note: The above table may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
| Product | Affected Versions | Updated Versions | Link to Update | |
| Dell PowerProtect Data Manager | 19.11 and earlier | 19.12 and later | PowerProtect Data Manager 19.12 drivers and downloads. | |
Note: The above table may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Workarounds & Mitigations
Revision History
| Revision | Date | Description |
| 1.0 | 2022-11-03 | Initial Release |
Related Information
Legal Disclaimer
Affected Products
PowerProtect Data Manager, Product Security InformationArticle Properties
Article Number: 000204973
Article Type: Dell Security Advisory
Last Modified: 09 Sep 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.