DSA-2024-132: Security Update for Dell PowerProtect Data Manager for Multiple Security Vulnerabilities

Table of Contents

Detailed Article

Impact

Details

Affected Products & Remediation

Revision History

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Third-party Component	CVEs	More Information
Dom4j	CVE-2023-45960	https://nvd.nist.gov/vuln/search
Netty Project	CVE-2023-4586	https://nvd.nist.gov/vuln/search
RabbitMQ amqp-client	CVE-2023-46120	https://nvd.nist.gov/vuln/search
Apache Tomcat	CVE-2023-46589, CVE-2023-42794, CVE-2023-44487, CVE-2023-41080, CVE-2023-42795, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708	https://nvd.nist.gov/vuln/search
Elasticsearch	CVE-2023-46673	https://nvd.nist.gov/vuln/search
reactor-netty	CVE-2023-34062	https://nvd.nist.gov/vuln/search
larvalabs collections	CVE-2015-7501	https://nvd.nist.gov/vuln/search
libcurl	CVE-2023-38545, CVE-2023-23914, CVE-2023-27533, CVE-2023-27534, CVE-2023-28319, CVE-2023-38039, CVE-2023-23915, CVE-2023-23916, CVE-2023-27535, CVE-2023-28320, CVE-2023-28321, CVE-2023-27536, CVE-2023-27538, CVE-2023-38546, CVE-2023-28322	https://nvd.nist.gov/vuln/search
Jetty	CVE-2023-36479, CVE-2023-41900, CVE-2023-26049, CVE-2023-40167, CVE-2023-26048, CVE-2023-44487, CVE-2023-36478	https://nvd.nist.gov/vuln/search
Netty Project	CVE-2023-44487, CVE-2023-4586, CVE-2023-34462	https://nvd.nist.gov/vuln/search
google-guava	CVE-2023-2976, CVE-2018-10237, CVE-2020-8908	https://nvd.nist.gov/vuln/search
Logback	CVE-2023-6378	https://nvd.nist.gov/vuln/search
Golang	CVE-2023-45285, CVE-2023-45283, CVE-2023-48795, CVE-2023-45284, CVE-2023-39326	https://nvd.nist.gov/vuln/search
golang.org/x/crypto	CVE-2023-48795	https://nvd.nist.gov/vuln/search
linux-pam	CVE-2024-22365	https://nvd.nist.gov/vuln/search
ncurses-utils	CVE-2023-50495	https://nvd.nist.gov/vuln/search
google.golang.org/grpc	CVE-2023-44487	https://nvd.nist.gov/vuln/search
curl	CVE-2023-46218, CVE-2023-46219	https://nvd.nist.gov/vuln/search
tar	CVE-2023-39804	https://nvd.nist.gov/vuln/search
Java SE 8u361	CVE-2023-21968, CVE-2023-21967, CVE-2023-21954, CVE-2023-21951, CVE-2023-21950, CVE-2023-21949, CVE-2023-21948, CVE-2023-21939, CVE-2023-21938, CVE-2023-21937, CVE-2023-21930	https://nvd.nist.gov/vuln/search
PostgreSQL JDBC Driver	CVE-2022-26520, CVE-2022-21724, CVE-2022-31197, CVE-2022-41946	https://nvd.nist.gov/vuln/search
sqlite-jdbc	CVE-2023-32697	https://nvd.nist.gov/vuln/search
hughsk/flat	CVE-2020-36632	https://nvd.nist.gov/vuln/search
lodash.set	CVE-2020-8203	https://nvd.nist.gov/vuln/search
vitejs	CVE-2024-23331	https://nvd.nist.gov/vuln/search
ip	CVE-2023-42282	https://nvd.nist.gov/vuln/search
nodeJS	CVE-2024-21892, CVE-2024-22019, CVE-2024-21896, CVE-2024-22017, CVE-2023-46809, CVE-2024-21891, CVE-2024-21890, CVE-2024-22025	https://nvd.nist.gov/vuln/search
ibslirp	CVE-2020-10756, CVE-2020-1983, CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595,	https://nvd.nist.gov/vuln/search
libssh	CVE-2023-1667, CVE-2023-2283, CVE-2023-6004, CVE-2023-6918	https://nvd.nist.gov/vuln/search
libpq5	CVE-2024-0985	https://nvd.nist.gov/vuln/search
Postgresql14-server	CVE-2024-0985	https://nvd.nist.gov/vuln/search
Postgresql14	CVE-2024-0985	https://nvd.nist.gov/vuln/search
Libfreebl3	CVE-2023-5388	https://nvd.nist.gov/vuln/search
Libsoftokn3	CVE-2023-5388	https://nvd.nist.gov/vuln/search
mozilla-nss-certs	CVE-2023-5388	https://nvd.nist.gov/vuln/search
mozilla-nss	CVE-2023-5388	https://nvd.nist.gov/vuln/search
kernel-default	CVE-2020-26555, CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51042, CVE-2023-51043, CVE-2023-51779, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6121, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6915, CVE-2023-6931, CVE-2023-6932, CVE-2024-0340, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086, CVE-2024-24860	https://nvd.nist.gov/vuln/search
bind-utils	CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516	https://nvd.nist.gov/vuln/search
python3-bind	CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516	https://nvd.nist.gov/vuln/search
Slirp4netns	CVE-2019-6778, CVE-2020-10756, CVE-2020-1983, CVE-2020-29130	https://nvd.nist.gov/vuln/search
kernel-firmware	CVE-2019-9836, CVE-2021-26339, CVE-2021-26345, CVE-2021-26348, CVE-2021-26364, CVE-2021-26375, CVE-2021-33139, CVE-2021-46744, CVE-2021-46766, CVE-2023-20519, CVE-2023-20566	https://nvd.nist.gov/vuln/search
runc	CVE-2024-21626	https://nvd.nist.gov/vuln/search
java-17-openjdk-headless	CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952	https://nvd.nist.gov/vuln/search
docker-rootless-extras	CVE-2024-23651, CVE-2024-23652, CVE-2024-23653	https://nvd.nist.gov/vuln/search
docker-rootless-extras	CVE-2024-23651, CVE-2024-23652, CVE-2024-23653	https://nvd.nist.gov/vuln/search
postfix-bdb	CVE-2023-32182	https://nvd.nist.gov/vuln/search
xen-libs	CVE-2023-46839	https://nvd.nist.gov/vuln/search
OpenSSH	CVE-2023-51385	https://nvd.nist.gov/vuln/search

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2024-25971	Dell PowerProtect Data Manager, versions prior to 19.16 build 04, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2024-25971	Dell PowerProtect Data Manager, versions prior to 19.16 build 04, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product	Affected Versions	Remediated Versions	Link
Dell PowerProtect Data Manager	Versions prior to 19.16	19.16 build 04 or later	PPDM drivers and downloads

Product	Affected Versions	Remediated Versions	Link
Dell PowerProtect Data Manager	Versions prior to 19.16	19.16 build 04 or later	PPDM drivers and downloads

Revision History

Revision	Date	Description
1.0	2024-03-28	Initial Release
2.0	2025-08-25	Updated for enhanced presentation with no changes to content

Related Information

Legal Disclaimer

Affected Products

PowerProtect Data Manager

Article Number: 000223556

Article Type: Dell Security Advisory

Last Modified: 25 Aug 2025

Check if your device is covered by Support Services.

DSA-2024-132: Security Update for Dell PowerProtect Data Manager for Multiple Security Vulnerabilities

Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Impact

Details

Affected Products & Remediation

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services