DSA-2024-107: Security Update for Data Protection Advisor Multiple Vulnerabilities.
Summary: Data Protection Advisor remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| Apache Tomcat | CVE-2016-6816, CVE-2016-8735, CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651, CVE-2017-5664, CVE-2016-6817, CVE-2016-8745, CVE-2017-7674, CVE-2017-7675, CVE-2017-12617, CVE-2018-1305, CVE-2018-1304, CVE-2018-8014, CVE-2018-8034, CVE-2018-1336, CVE-2018-8037, CVE-2018-11784, CVE-2019-0199, CVE-2019-0232, CVE-2019-2684, CVE-2019-0221, CVE-2019-10072, CVE-2019-17563, CVE-2019-12418, CVE-2020-1935, CVE-2020-1938, CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-13943, CVE-2021-30640, CVE-2021-33037, CVE-2021-43980, CVE-2023-28708, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
| Spring Framework | CVE-2016-9878, CVE-2018-1199, CVE-2018-1270, CVE-2018-1271, CVE-2018-1272, CVE-2018-1275, CVE-2018-1257, CVE-2018-11039, CVE-2018-11040, CVE-2018-15756, CVE-2020-5421, CVE-2022-22950, CVE-2022-22968, CVE-2022-22970, CVE-2022-22971, CVE-2023-20861, CVE-2023-20863 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Spring Boot | CVE-2017-8046, CVE-2018-1196, CVE-2022-27772, CVE-2022-22965, CVE-2023-20873, CVE-2023-20883, CVE-2023-34055 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| SnakeYAML | CVE-2017-18640, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Webpack | CVE-2023-28154 | NVD - CVE-2023-28154 (nist.gov) |
| Loader-utils | CVE-2022-37599, CVE-2022-37601, CVE-2022-37603 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| http-cache-semantics | CVE-2022-25881 | NVD - CVE-2022-25881 (nist.gov) |
| json5 | CVE-2022-46175 | NVD - CVE-2022-46175 (nist.gov) |
| terser | CVE-2022-25858 | NVD - CVE-2022-25858 (nist.gov) |
| Moment | CVE-2022-31129 | NVD - CVE-2022-31129 (nist.gov) |
| Oracle Java 8u391 | CVE-2023-22025, CVE-2023-22067, CVE-2023-22081 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
Affected Products & Remediation
| Product | Affected Version | Remediated Versions | Link |
|---|---|---|---|
| Dell Protection Advisor | Version 19.9 | Version 19.10 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| Integrated Data Protection Appliance (PowerProtect DP Series) | Version 2.7.6 | Version 2.7.6 with DPA 19.10 patch build 22 | Link to PowerProtect DP Series Software 2.7.6 https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers Link to DPA 19.10 patch build 22 https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers DPA out of band upgrade KB https://www.dell.com/support/kbdoc/en-ie/000205649/powerprotect-dp-series-appliance-and-idpa-steps-to-upgrade-dpa-or-data-protection-advisor-component-out-of-band-within-the-appliance |
| Product | Affected Version | Remediated Versions | Link |
|---|---|---|---|
| Dell Protection Advisor | Version 19.9 | Version 19.10 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| Integrated Data Protection Appliance (PowerProtect DP Series) | Version 2.7.6 | Version 2.7.6 with DPA 19.10 patch build 22 | Link to PowerProtect DP Series Software 2.7.6 https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers Link to DPA 19.10 patch build 22 https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers DPA out of band upgrade KB https://www.dell.com/support/kbdoc/en-ie/000205649/powerprotect-dp-series-appliance-and-idpa-steps-to-upgrade-dpa-or-data-protection-advisor-component-out-of-band-within-the-appliance |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Dell recommends that you always upgrade to the latest release/version for your product
- To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/en-us/.
Revision History
| Revision | Date | Description |
| 1.0 | 2024-02-29 | Initial Release |
| 2.0 | 2024-04-02 | Added "Integrated Data Protection Appliance (PowerProtect DP Series)" product under "Affected Products and Remediation" section |
| 3.0 | 2024-04-04 | Updated for enhanced format presentation with no change to content |
Related Information
Legal Disclaimer
Affected Products
Data Protection Advisor, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security InformationArticle Properties
Article Number: 000222618
Article Type: Dell Security Advisory
Last Modified: 09 Sep 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.