Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000221720

DSA-2024-063 : Security Update for Dell Data Protection Search Multiple Security Vulnerabilities

Summary: Dell Data Protection Search remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

Third-party Component CVEs More Information
Oracle JRE CVE-2023-22043, CVE-2023-22041, CVE-2023-22051, CVE-2023-25193, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies. , cpujul2023This hyperlink is taking you to a website outside of Dell Technologies.
Nginx CVE-2022-41742, CVE-2022-41741 K28112382This hyperlink is taking you to a website outside of Dell Technologies., K81926432This hyperlink is taking you to a website outside of Dell Technologies.
openssl CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Linux kernel CVE-2023-30772, CVE-2023-3483, CVE-2023-2162, CVE-2023-2124, CVE-2023-1998, CVE-2023-1990, CVE-2023-1989, CVE-2023-1855, CVE-2023-1670, CVE-2023-1611 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Kernel-default CVE-2022-20141, CVE-2022-29581, CVE-2021-4202, CVE-2021-39713, CVE-2022-0435, CVE-2021-4157 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libtiff CVE-2019-17546, CVE-2017-17095 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
ApacheLog4j CVE-2021-44832 https://nvd.nist.gov/vuln/detail/CVE-2021-44832This hyperlink is taking you to a website outside of Dell Technologies.
 
 

Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2024-22433 Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices. 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2024-22433 Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices. 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVE(s) Addressed Product Affected Version(s) Updated Version(s) Link to Update
CVE-2023-22043, CVE-2023-22041, CVE-2023-22051, CVE-2023-25193, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006, CVE-2022-41742, CVE-2022-41741, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2023-30772, CVE-2023-3483, CVE-2023-2162, CVE-2023-2124, CVE-2023-1998, CVE-2023-1990, CVE-2023-1989, CVE-2023-1855, CVE-2023-1670,  CVE-2023-1611, CVE-2022-20141, CVE-2022-29581, CVE-2021-4202, CVE-2021-39713, CVE-2022-0435, CVE-2021-4157, CVE-2019-17546, CVE-2017-17095, CVE-2021-44832, CVE-2024-22433 Dell Data Protection Search Version
19.2.0,  19.3.0, 19.4.0, 19.5.0, 19.5.1, 19.6.0, 19.6.1, 19.6.2 and 19.6.3
 		 Version 19.6.4 or later https://dl.dell.com/downloads/VC8K2_Search-19.6.4-upgrade-package.zip
CVE(s) Addressed Product Affected Version(s) Updated Version(s) Link to Update
CVE-2023-22043, CVE-2023-22041, CVE-2023-22051, CVE-2023-25193, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006, CVE-2022-41742, CVE-2022-41741, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2023-30772, CVE-2023-3483, CVE-2023-2162, CVE-2023-2124, CVE-2023-1998, CVE-2023-1990, CVE-2023-1989, CVE-2023-1855, CVE-2023-1670,  CVE-2023-1611, CVE-2022-20141, CVE-2022-29581, CVE-2021-4202, CVE-2021-39713, CVE-2022-0435, CVE-2021-4157, CVE-2019-17546, CVE-2017-17095, CVE-2021-44832, CVE-2024-22433 Dell Data Protection Search Version
19.2.0,  19.3.0, 19.4.0, 19.5.0, 19.5.1, 19.6.0, 19.6.1, 19.6.2 and 19.6.3
 		 Version 19.6.4 or later https://dl.dell.com/downloads/VC8K2_Search-19.6.4-upgrade-package.zip
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
  1. Dell recommends customers to upgrade at the earliest opportunity.

Revision History

Revision DateDescription
1.02024-02-01Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

Data Protection Search, Data Protection Search, Product Security Information

Last Published Date

01 Feb 2024

Version

1

Article Type

Dell Security Advisory

Back to Top