Article Number: 000218619


DSA-2023-389: Security Update for Dell Technologies PowerProtect DataDomain Vulnerabilities

Summary: Dell Technologies PowerProtect DataDomain remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Third-party Component CVEs More Information
Apache CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Postgres CVE-2023-0215, CVE-2022-41862 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Linux CVE-2023-26545, CVE-2023-26242, CVE-2023-25012, CVE-2023-23559, CVE-2023-23455, CVE-2023-23454, CVE-2023-22998, CVE-2023-0615, CVE-2023-0469, CVE-2023-0468, CVE-2023-0394, CVE-2023-0266, CVE-2023-0240, CVE-2022-47929, CVE-2022-47521, CVE-2022-47520, CVE-2022-47519, CVE-2022-47518, CVE-2022-4662, CVE-2022-45934, CVE-2022-45919, CVE-2022-45888, CVE-2022-45887, CVE-2022-45886, CVE-2022-45885, CVE-2022-45884 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
rsyslog CVE-2022-24903 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
p11-kit CVE-2020-29362 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
PCRE2 CVE-2022-1586 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
containerd, docker CVE-2022-23648, CVE-2022-24769, CVE-2022-27191, CVE-2021-43565, CVE-2021-41190, CVE-2022-23648, CVE-2022-27191, CVE-2022-23471, CVE-2022-31030, CVE-2022-29162, CVE-2021-41190, CVE-2021-41103, CVE-2021-41092, CVE-2021-41091, CVE-2021-41089, CVE-2022-36109 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Runc CVE-2023-28642, CVE-2023-27561, CVE-2023-25809 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Unzip CVE-2022-0529, CVE-2022-0530 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
udisks2 CVE-2022-21233 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Libtasn1 CVE-2021-46848 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Bind CVE-2022-2795, CVE-2022-38177, CVE-2022-38178 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Python CVE-2023-24329, CVE-2022-40899, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
libxml2 CVE-2022-40304, CVE-2022-40303, CVE-2022-29824, CVE-2022-23308, CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2022-40304, CVE-2022-40303 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
OpenSSL CVE-2023-0464, CVE-2023-0465, CVE-2023-0466 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Java CVE-2022-31129, CVE-2021-23337 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
c-ares CVE-2020-8277, CVE-2021-3672 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Certifi CVE-2022-23491 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Curl CVE-2023-23916, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-27534, CVE-2023-27533 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Systemd CVE-2023-26604 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Tar CVE-2022-48303 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Libxslt CVE-2021-30560 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
glib2 CVE-2023-24593, CVE-2023-25180 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Libpq5 CVE-2022-41862 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2021-23337  PowerProtect DD DDOS, DDMC, and SmartScale.


 
Affected Versions: 7.0 through 7.11
Remediated Versions: 7.12.0.0 and above
or
7.10.1.10 and above to stay on LTS2023 7.10
or
7.7.5.20 and above to stay on LTS2022 7.7
Link: For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454, CVE-2021-23337 PowerProtect DD DDOS, DDMC



 
Affected Versions: 6.2.1.100 and below
Remediated Versions: Next release
CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 PowerProtect DD DDOS, DDMC


 
Affected Versions: 7.0 through 7.11
Remediated Versions: 7.12.0.0 and above
or
7.10.1.10 and above to stay on LTS2023 7.10
or
7.7.5.20 and above to stay on LTS2022 7.7
Link: For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2023-0215, CVE-2022-41862, CVE-2023-26545, CVE-2023-26242, CVE-2023-25012, CVE-2023-23559, CVE-2023-23455, CVE-2023-23454, CVE-2023-22998, CVE-2023-0615, CVE-2023-0469, CVE-2023-0468, CVE-2023-0394, CVE-2023-0266, CVE-2023-0240, CVE-2022-47929, CVE-2022-47521, CVE-2022-47520, CVE-2022-47519, CVE-2022-47518, CVE-2022-4662, CVE-2022-45934, CVE-2022-45919, CVE-2022-45888, CVE-2022-45887, CVE-2022-45886, CVE-2022-45885, CVE-2022-45884, CVE-2022-24903, CVE-2020-29362, CVE-2022-1586, CVE-2022-23648, CVE-2022-24769, CVE-2022-27191, CVE-2021-43565, CVE-2021-41190, CVE-2022-23648, CVE-2022-27191, CVE-2022-23471, CVE-2022-31030,CVE-2022-29162, CVE-2021-41190, CVE-2021-41103, CVE-2021-41092, CVE-2021-41091, CVE-2021-41089, CVE-2022-36109, CVE-2023-28642, CVE-2023-27561, CVE-2023-25809, CVE-2022-0529, CVE-2022-0530, CVE-2022-21233, CVE-2021-46848, CVE-2022-2795, CVE-2022-38177, CVE-2022-38178, CVE-2023-24329,CVE-2022-40899, CVE-2022-40304, CVE-2022-40303, CVE-2022-29824, CVE-2022-23308, CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2022-40304, CVE-2022-40303, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2022-23491, CVE-2023-23916, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-27534, CVE-2023-27533, CVE-2023-26604, CVE-2022-48303, CVE-2021-30560, CVE-2023-24593, CVE-2023-25180, CVE-2022-41862 PowerProtect DD SmartScale


 
Affected Versions: 7.8 through 7.11
Remediated Versions: 7.12.0.0 and above
or
7.10.1.10 and above to stay on LTS2023 7.10
Link: For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2021-23337, CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454, CVE-2021-23337, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 PowerProtect DP Series Appliance (IDPA) Versions prior to 2.7.4 Version 2.7.6 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 

Dell KB articles 
IDPA : Allowed Point Product Upgrades
Procedure to upgrade DataDomainOS
Highest CVSS score of affected CVEs is Critical 9.8 from CVE-2022-28331, CVE-2022-24963, CVE-2022-24963, CVE-2022-36760, CVE-2022-31813, CVE-2022-28615, CVE-2022-37454, CVE-2023-25690, CVE-2022-1586, CVE-2021-46848
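
The remediated LTS builds (7.10.1.10 and 7.7.5.20) sit inside the affected range "7.0 through 7.11", so a plain range or string comparison misclassifies them. The following is an added example, not Dell code, that classifies DDOS/DDMC versions against the rows above; it assumes versions are dotted numbers with an optional "-<build>" suffix, and the inventory hostnames are constructed.

```python
import re

# Ranges transcribed from the advisory's DDOS/DDMC rows.
AFFECTED_FROM = (7, 0, 0, 0)      # "Versions 7.0 through 7.11"
FIXED_FROM = (7, 12, 0, 0)        # "Versions 7.12.0.0 and above"
LTS_FLOORS = {                    # remediated builds inside the affected range
    (7, 10): (7, 10, 1, 10),      # LTS2023 7.10
    (7, 7): (7, 7, 5, 20),        # LTS2022 7.7
}
LEGACY_MAX = (6, 2, 1, 100)       # "6.2.1.100 and below", fix listed as "Next release"


def parse_version(text):
    """Parse '7.10.1.10' (optionally '-<build>', an assumed suffix) into a 4-tuple."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})(?:-\d+)?\s*", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad '7.12' to (7, 12, 0, 0)


def classify(text):
    """Return 'remediated', 'affected', 'affected-no-fix' or 'not-listed'."""
    v = parse_version(text)
    if v >= FIXED_FROM:
        return "remediated"
    if v >= AFFECTED_FROM:
        # Numeric tuple comparison: as strings, '7.10.1.10' sorts before '7.7.5.20'.
        floor = LTS_FLOORS.get(v[:2])
        if floor is not None and v >= floor:
            return "remediated"
        return "affected"
    if v <= LEGACY_MAX:
        return "affected-no-fix"
    return "not-listed"  # version the advisory's rows do not mention


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    inventory = {
        "dd-prod-01": "7.10.1.0",
        "dd-prod-02": "7.10.1.10-1058758",
        "dd-dr-01": "7.7.5.11",
        "dd-lab-01": "6.2.1.90",
        "ddmc-01": "7.12.0.0",
    }
    for host, version in sorted(inventory.items()):
        print(f"{host:12} {version:20} {classify(version)}")
```

SmartScale follows the same logic with an affected floor of 7.8 and no 7.7 LTS option, per its row in the table.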

Workarounds and Mitigations

None

Revision History

Revision  Date  Description
1.0  2023-10-16  Initial Release
2.0  2023-10-20  Added CVE-2021-23337 in Java section of Third-Party Components.
Added CVE-2021-23337 to the Affected Products and Remediation Table for PowerProtect DD DDOS, DDMC, and SmartScale Affected Versions 7.0 to 7.11 and PowerProtect DD DDOS, DDMC version 6.2.1.100
Updated Affected Product section under Article Properties
Combined 6.2.1.100 CVEs into one line in the Affected Products and Remediation table
Removed "SmartScale" from PowerProtect DD DDOS and DDMC for Version 6.2.1.100
3.0  2023-10-30  Cosmetic update: Combined the Third-Party Component "Python" into one row in the Third-Party Components Table
4.0  2023-11-20  Added under the Affected Products and Remediation table: product PowerProtect DP Series (IDPA) with the CVEs addressed, Affected Version, Remediated Version, and Link
5.0  2024-01-24  Updated the Third Party Component Table for Product PowerProtect DP Series Appliance (IDPA) by updating the Remediated Version from Versions 2.7.2, 2.7.3, 2.7.4, with 7.7.5.20 patch to Version 2.7.6

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product
Data Domain, PowerProtect Data Protection Appliance, DD OS 7.0, DD OS 7.1, DD OS 7.10, DD OS 7.11, DD OS 7.2, DD OS 7.3, DD OS 7.4, DD OS 7.5, DD OS 7.6, DD OS 7.7, DD OS 7.8, DD OS 7.9, PowerProtect Data Domain Management Center, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software ...
Last Published Date

24 Jan 2024

Version

5

Article Type

Dell Security Advisory