DSA-2024-083: Security Update for Dell PowerProtect Data Manager Appliance (DM5500) for Multiple Vulnerabilities
Summary: Dell PowerProtect Data Manager Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Third-Party Component |
CVEs | More information |
|---|---|---|
| Intel | CVE-2023-39432, CVE-2023-33870, CVE-2023-29153 | DSA-2024-001 |
| TianoCore EDK2 | CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233 CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237 |
DSA-2023-357 |
| BIOS | CVE-2023-32460 |
DSA-2023-361 |
| PowerEdge Server BIOS | CVE-2024-0172 | DSA-2024-035 |
| Intel | CVE-2022-40982, CVE-2022-43505, CVE-2023-47165, CVE-2024-21828 | IINTEL-SA-00828  , INTEL-SA-00813 , INTEL-TA-01041 , INTEL-TA-01056 |
| Hypervisor Manager | CVE-2023-34048, CVE-2023-34056 | VMSA-2023-0023 |
| Appliance OS | CVE-2023-46604, CVE-2022-1245, CVE-2015-7501, CVE-2023-6378, CVE-2023-44487, CVE-2023-34462, CVE-2023-35116 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-24908 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2024-22460 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. | 2.2 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-24908 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2024-22460 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. | 2.2 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N |
Affected Products & Remediation
| Product | Affected Versions | Updated Version | Link |
|---|---|---|---|
| Dell PowerProtect Data Manager DM5500 Appliance | Versions 5.15 and prior | 5.16 | https://dl.dell.com/downloads/X8M5P_PowerProtect-Data-Manager-DM5500-Appliance-5.16.0.0-Upgrade-file.pkg |
| Product | Affected Versions | Updated Version | Link |
|---|---|---|---|
| Dell PowerProtect Data Manager DM5500 Appliance | Versions 5.15 and prior | 5.16 | https://dl.dell.com/downloads/X8M5P_PowerProtect-Data-Manager-DM5500-Appliance-5.16.0.0-Upgrade-file.pkg |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-05-07 | Initial Release |
| 2.0 | 2024-05-16 | Updated Third-Party Component table |
| 3.0 | 2024-08-12 | Added PowerEdge Server BIOS CVE to the Third-Party Component table |
Related Information
Legal Disclaimer
Affected Products
PowerProtect Data Manager Appliance, PowerProtect DM5500Article Properties
Article Number: 000224843
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.