
Article Number: 000204973


DSA-2022-296: Dell PowerProtect Data Manager Update for Multiple Security Vulnerabilities

Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Operating System Components CVEs Details:

| Operating System Components | CVEs |
|---|---|
| puppet=3.8.5-15.18.1 | CVE-2021-27023 |
| rsyslog-module-gtls=8.2106.0-8.11.2, rsyslog=8.2106.0-8.11.2 | CVE-2022-24903 |
| libz1=1.2.11-11.22.1 | CVE-2022-37434 |
| libvmtools0=12.1.0-4.45.1, open-vm-tools=12.1.0-4.45.1 | CVE-2022-31676 |
| libnl-config=3.2.23-4.7.1, libnl3-200=3.2.23-4.7.1 | CVE-2017-0386 |
| unzip=6.00-33.16.1 | CVE-2022-0530 |
| samba-client-libs=4.15.8+git.473.1a1018e0a0b-3.71.2 | CVE-2022-1615, CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746 |
| libpcre1=8.45-8.12.1 | CVE-2022-1586 |
| runc=1.1.3-16.21.1 | CVE-2022-29162 |
| libpython2_7-1_0=2.7.18-33.11.1, libpython3_4m1_0=3.4.10-25.93.1, python-base=2.7.18-33.11.1, python-xml=2.7.18-33.11.1, python3-base=3.4.10-25.93.1, python3=3.4.10-25.93.1 | CVE-2015-20107 |
| rsync=3.1.3-3.9.1 | CVE-2022-29154 |
| grub2-i386-pc=2.02-143.2, grub2-snapper-plugin=2.02-143.2, grub2-systemd-sleep-plugin=2.02-143.2, grub2=2.02-143.2 | CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28736 |
| libp11-kit0=0.23.2-8.10.1, p11-kit-tools=0.23.2-8.10.1, p11-kit=0.23.2-8.10.1 | CVE-2020-29362 |
| kernel-default=4.12.14-122.133.1 | CVE-2022-21385, CVE-2022-3028 |
| containerd=1.6.6-16.62.1 | CVE-2022-31030 |
| ucode-intel=20220809-3.46.1 | CVE-2022-21233 |
| libjson-c2=0.12.1-4.3.1 | CVE-2013-6371, CVE-2020-12762 |
| perl-HTTP-Daemon=6.01-9.5.1 | CVE-2022-31081 |
| libopenssl1_1=1.1.1d-2.69.1 | CVE-2022-2097 |
| libicu52_1-data=52.1-8.13.1, libicu52_1=52.1-8.13.1 | CVE-2020-21913 |
| java-11-openjdk-headless=11.0.16.0-3.46.1 | CVE-2022-21540, CVE-2022-21541, CVE-2022-34169 |
| libcroco-0_6-3=0.6.11-12.6.45 | CVE-2020-12825 |
| logrotate=3.11.0-2.20.1 | CVE-2021-3864 |
| libpq5=14.5-3.14.9, postgresql10-server=10.22-4.31.1, postgresql10=10.22-4.31.1, postgresql14-server=14.5-3.14.9, postgresql14=14.5-3.14.9 | CVE-2022-2625 |
| libncurses5=5.9-78.1, libncurses6=5.9-78.1, ncurses-utils=5.9-78.1, terminfo-base=5.9-78.1, terminfo=5.9-78.1 | CVE-2022-29458 |
| expat=2.1.0-21.25.1, libexpat1=2.1.0-21.25.1 | CVE-2022-40674 |
| cifs-utils=6.9-13.23.1 | CVE-2022-29869 |
| libpython3_6m1_0=3.6.15-27.1, python36-base=3.6.15-27.1, python36=3.6.15-27.1 | CVE-2021-28861 |
| python3-PyJWT=1.5.3-3.16.1 | CVE-2022-29217 |
| permissions=20170707-6.10.1 | CVE-2022-31252 |
| curl=7.60.0-11.46.1, libcurl4=7.60.0-11.46.1 | CVE-2022-35252 |
| libsqlite3-0=3.39.3-9.23.1 | CVE-2021-36690, CVE-2022-35737 |
| libjpeg8=8.1.2-31.28.1 | CVE-2020-35538 |
| libpcre2-8-0=10.34-1.10.1 | CVE-2022-1587 |
| gpg2-lang=2.0.24-9.11.1, gpg2=2.0.24-9.11.1 | CVE-2022-34903 |
| git-core=2.26.2-27.57.1 | CVE-2022-29187 |
| libopenssl1_0_0=1.0.2p-3.56.1, openssl-1_0_0=1.0.2p-3.56.1 | CVE-2022-1292, CVE-2022-2068 |

More Information: See NVD (http://nvd.nist.gov/) for individual scores for each CVE.

Third-party Open-Source Components CVEs Details:

| Third-party Component | CVEs |
|---|---|
| moment/moment 2.29.3 | CVE-2022-31129 |
| Passport.js 0.5.2 | CVE-2022-25896 |
| Apache Commons Configuration 2.7 | CVE-2022-33980 |
| Apache Tomcat 9.0.64 | CVE-2022-34305 |
| Spring Framework 5.3.21 | CVE-2016-1000027 |
| gson-2.8.5 | CVE-2022-25647 |
| jackson-databind-2.10.4 | CVE-2020-25649, CVE-2020-36518, CVE-2020-28491 |
| netty-tcnative-boringssl-static-2.0.52.Final | CVE-2011-1797 |
| netty-transport-4.1.66.Final | CVE-2021-37136, CVE-2021-37137 |
| okhttp-2.7.5 | CVE-2021-0341 |
| postgresql-42.3.5 | CVE-2022-31197 |
| Reactor RabbitMQ: A reactive API for RabbitMQ 1.5.4 | CVE-2021-22116 |
| snakeyaml-1.28 | CVE-2022-25857 |
| tomcat-embed-core-9.0.62 | CVE-2022-29885 |
| logback-classic 1.2.3 | CVE-2021-42550 |
| Golang | CVE-2022-30629, CVE-2022-30580, CVE-2022-1962, CVE-2022-32148, CVE-2022-30635, CVE-2022-30633, CVE-2022-30632, CVE-2022-30631, CVE-2022-32189 |

More Information: See NVD (http://nvd.nist.gov/) for individual scores for each CVE.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

| Product | Affected Versions | Updated Versions | Link to Update |
|---|---|---|---|
| Dell PowerProtect Data Manager | 19.11 and earlier | 19.12 and later | PowerProtect Data Manager 19.12 drivers and downloads. |

Note: The above table may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Workarounds and Mitigations



Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2022-11-03 | Initial Release |

Related Information


Article Properties


Affected Product

PowerProtect Data Manager, Product Security Information

Last Published Date

03 Nov 2022

Version

1

Article Type

Dell Security Advisory