Article Number: 000222618
DSA-2024-107: Security Update for Data Protection Advisor Multiple Vulnerabilities.
Summary: Data Protection Advisor remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
Critical
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| Apache Tomcat | CVE-2016-6816, CVE-2016-8735, CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651, CVE-2017-5664, CVE-2016-6817, CVE-2016-8745, CVE-2017-7674, CVE-2017-7675, CVE-2017-12617, CVE-2018-1305, CVE-2018-1304, CVE-2018-8014, CVE-2018-8034, CVE-2018-1336, CVE-2018-8037, CVE-2018-11784, CVE-2019-0199, CVE-2019-0232, CVE-2019-2684, CVE-2019-0221, CVE-2019-10072, CVE-2019-17563, CVE-2019-12418, CVE-2020-1935, CVE-2020-1938, CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-13943, CVE-2021-30640, CVE-2021-33037, CVE-2021-43980, CVE-2023-28708, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
| Spring Framework | CVE-2016-9878, CVE-2018-1199, CVE-2018-1270, CVE-2018-1271, CVE-2018-1272, CVE-2018-1275, CVE-2018-1257, CVE-2018-11039, CVE-2018-11040, CVE-2018-15756, CVE-2020-5421, CVE-2022-22950, CVE-2022-22968, CVE-2022-22970, CVE-2022-22971, CVE-2023-20861, CVE-2023-20863 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Spring Boot | CVE-2017-8046, CVE-2018-1196, CVE-2022-27772, CVE-2022-22965, CVE-2023-20873, CVE-2023-20883, CVE-2023-34055 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| SnakeYAML | CVE-2017-18640, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Webpack | CVE-2023-28154 | NVD - CVE-2023-28154 (nist.gov) |
| Loader-utils | CVE-2022-37599, CVE-2022-37601, CVE-2022-37603 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| http-cache-semantics | CVE-2022-25881 | NVD - CVE-2022-25881 (nist.gov) |
| json5 | CVE-2022-46175 | NVD - CVE-2022-46175 (nist.gov) |
| terser | CVE-2022-25858 | NVD - CVE-2022-25858 (nist.gov) |
| Moment | CVE-2022-31129 | NVD - CVE-2022-31129 (nist.gov) |
| Oracle Java 8u391 | CVE-2023-22025, CVE-2023-22067, CVE-2023-22081 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
Affected Products and Remediation
| Product | Affected Version | Remediated Versions | Link |
|---|---|---|---|
| Dell Protection Advisor | Version 19.9 | Version 19.10 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| Integrated Data Protection Appliance (PowerProtect DP Series) | Version 2.7.6 | Version 2.7.6 with DPA 19.10 patch build 22 | Link to PowerProtect DP Series Software 2.7.6 https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers Link to DPA 19.10 patch build 22 https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers DPA out of band upgrade KB https://www.dell.com/support/kbdoc/en-ie/000205649/powerprotect-dp-series-appliance-and-idpa-steps-to-upgrade-dpa-or-data-protection-advisor-component-out-of-band-within-the-appliance |
| Product | Affected Version | Remediated Versions | Link |
|---|---|---|---|
| Dell Protection Advisor | Version 19.9 | Version 19.10 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| Integrated Data Protection Appliance (PowerProtect DP Series) | Version 2.7.6 | Version 2.7.6 with DPA 19.10 patch build 22 | Link to PowerProtect DP Series Software 2.7.6 https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers Link to DPA 19.10 patch build 22 https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers DPA out of band upgrade KB https://www.dell.com/support/kbdoc/en-ie/000205649/powerprotect-dp-series-appliance-and-idpa-steps-to-upgrade-dpa-or-data-protection-advisor-component-out-of-band-within-the-appliance |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Dell recommends that you always upgrade to the latest release/version for your product
- To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/en-us/.
Revision History
| Revision | Date | Description |
| 1.0 | 2024-02-29 | Initial Release |
| 2.0 | 2024-04-02 | Added "Integrated Data Protection Appliance (PowerProtect DP Series)" product under "Affected Products and Remediation" section |
| 3.0 | 2024-04-04 | Updated for enhanced format presentation with no change to content |
Related Information
Legal Information
Article Properties
Affected Product
Data Protection Advisor, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security Information
Last Published Date
03 Apr 2024
Version
4
Article Type
Dell Security Advisory