DSA-2024-219: Dell Technologies PowerProtect DD Security Update for Multiple Security Vulnerabilities

Summary: Dell Technologies PowerProtect DD remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Additional Details

Note: Highest CVSS score of affected CVEs is Critical from CVE-2023-37920. Highest CVSS score of affected CVEs is High from CVE-2022-4450 and CVE-2023-0215.  Note: For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles): https://www.dell.com/support/kbdoc/334649 and https://www.dell.com/support/kbdoc/525902

Details

Third-Party Component CVEs More information
Apache CVE-2023-31122, CVE-2023-43622, CVE-2023-45802 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Tomcat CVE-2023-44487, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708, CVE-2023-46589 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
avahi CVE-2023-38473 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Batik XML utility CVE-2022-44730, CVE-2022-44729 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
bind CVE-2023-3341 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
binutils CVE-2020-19726, CVE-2021-32256, CVE-2022-4285, CVE-2022-35205, CVE-2022-35206, CVE-2022-44840, CVE-2022-45703, CVE-2022-47673, CVE-2022-47695, CVE-2022-47696, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065, CVE-2023-0687, CVE-2023-1579, CVE-2023-1972, CVE-2023-2222, CVE-2023-25585, CVE-2023-25587, CVE-2023-25588, CVE-2022-4285 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
cairo-pixman CVE-2022-44638 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
cups CVE-2023-4504, CVE-2023-32360, CVE-2023-34241 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
curl CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-28322, CVE-2023-28320, CVE-2023-28321, CVE-2023-46218, CVE-2023-28319 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
expat CVE-2022-43680, CVE-2022-23990, CVE-2022-25313 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
flask CVE-2023-30861 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
gcc CVE-2023-4039 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-29007, CVE-2023-25652, CVE-2023-23946, CVE-2023-22490, CVE-2022-41953 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
glib CVE-2023-32665, CVE-2023-32636, CVE-2023-32611, CVE-2023-29499, CVE-2021-3800, CVE-2021-28153, CVE-2021-27219, CVE-2021-27218, CVE-2020-35457, CVE-2019-13012, CVE-2019-12450 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2023-4813 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
gpg2 CVE-2018-9234 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
grub2 CVE-2023-4692, CVE-2023-4693 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
kernel CVE-2023-31085, CVE-2023-34324, CVE-2023-39189, CVE-2023-45862, CVE-2020-36766, CVE-2023-0394, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2022-36402, CVE-2023-2007, CVE-2023-3772, CVE-2023-3812, CVE-2023-3863, CVE-2023-4128, CVE-2023-4132, CVE-2023-4133, CVE-2023-4134, CVE-2023-4194, CVE-2023-4385, CVE-2023-4387, CVE-2023-4459, CVE-2023-20588, CVE-2023-34319, CVE-2023-40283 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libarchive CVE-2023-30571, CVE-2022-36227, CVE-2021-36976, CVE-2021-31566, CVE-2021-23177 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
gcc-based toolchains CVE-2023-4039 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libcap2 CVE-2023-2603 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
binutils CVE-2022-35206, CVE-2022-44840, CVE-2022-4285, CVE-2022-48065, CVE-2022-48064, CVE-2022-48063, CVE-2023-25585, CVE-2023-25588, CVE-2023-1972, CVE-2023-1579, CVE-2022-35205, CVE-2022-45703, CVE-2021-32256, CVE-2022-47673, CVE-2020-19726, CVE-2022-47695, CVE-2022-47696 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libeconf0 CVE-2023-22652, CVE-2023-32181, CVE-2023-30079, CVE-2023-30078 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
ncurses CVE-2023-50495 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libnghttp2-14 CVE-2023-35945, CVE-2023-44487 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libopenssl1_1 CVE-2023-3817, CVE-2023-5678, CVE-2023-4807 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
postgresql CVE-2023-5870, CVE-2023-5868, CVE-2023-5869 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
procps CVE-2023-4016 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libsndfile CVE-2022-33065 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libsqlite3-0 CVE-2023-2137 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libtiff5 CVE-2022-1622, CVE-2023-2731, CVE-2023-26965, CVE-2023-1916, CVE-2022-40090 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libvpx CVE-2023-5217 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libwebp7 CVE-2023-4863 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libX11 CVE-2023-43785, CVE-2023-43786, CVE-2023-43787, CVE-2023-3138 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2016-3709, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libXpm CVE-2023-43788, CVE-2023-43789 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libz1,zlib-devel CVE-2023-45853 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libzck1 CVE-2023-46228 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
mdadm CVE-2023-28736, CVE-2023-28938 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
mutt CVE-2023-4874, CVE-2023-4875 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
nghttp2 CVE-2023-35945, CVE-2023-44487 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
nginx CVE-2022-41741, CVE-2023-44487, CVE-2022-41742 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
ntp CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
opensc CVE-2021-42782, CVE-2023-40661 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
openssh CVE-2023-48795 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
openssl CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-5678, CVE-2022-4450 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
open-vm-tools CVE-2023-34059,CVE-2023-20900 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
perl CVE-2023-31486, CVE-2023-3148 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
pillow CVE-2023-4863, CVE-2023-44271 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
pip CVE-2023-5752 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
postfix CVE-2023-32182 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
python CVE-2022-48565, CVE-2022-48566, CVE-2023-41105, CVE-2023-40217, CVE-2023-37920, CVE-2023-27043, CVE-2023-36632 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
requests CVE-2023-32681 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
shadow CVE-2023-4641 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
sqlite3 CVE-2023-2137 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
suse-module-tools CVE-2023-1829, CVE-2023-23559 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
thymeleaf CVE-2023-38286 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
tiff CVE-2020-18768, CVE-2023-2908, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-25433, CVE-2023-26966, CVE-2023-38288, CVE-2023-38289 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
ucode-intel CVE-2023-23583 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
urllib3 CVE-2023-45803, CVE-2023-45804 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
uwsgi CVE-2023-27522 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
vim CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2023-46246 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
vorbis-tools CVE-2023-43361 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
werkzeug CVE-2023-46136 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
zlib CVE-2023-45853 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-28973 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-29176 Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.  8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-29177 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report. 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N  This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-29173 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.

 

 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-29174 Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data. 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N  This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-29175 Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information. 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N  This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-37138 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system. 4.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-37139 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-37140 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-37141 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-28973 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-29176 Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.  8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-29177 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report. 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N  This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-29173 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.

 

 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-29174 Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data. 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N  This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-29175 Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information. 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N  This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-37138 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system. 4.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-37139 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-37140 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-37141 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Software/Firmware Affected Versions Updated Versions Link to Update
CVE-2024-28973, CVE-2024-29176, CVE-2024-29177, CVE-2024-29173, CVE-2024-29175, CVE-2024-37139, CVE-2024-37140, CVE-2024-37141, CVE-2023-31122, CVE-2023-43622, CVE-2023-45802, CVE-2023-44487, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708, CVE-2023-46589, CVE-2022-43680, CVE-2022-23990, CVE-2022-25313, CVE-2023-32665, CVE-2023-32636, CVE-2023-32611, CVE-2023-29499, CVE-2021-3800, CVE-2021-28153, CVE-2021-27219, CVE-2021-27218, CVE-2020-35457, CVE-2019-13012, CVE-2019-12450, CVE-2023-30571, CVE-2022-36227, CVE-2021-36976, CVE-2021-31566, CVE-2021-23177, CVE-2023-35945, CVE-2023-44487, CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551, CVE-2023-48795, CVE-2023-37920, CVE-2023-45803, CVE-2023-45804, CVE-2023-45853 Dell PowerProtect DD series appliances,
Dell PowerProtect DD Virtual Edition,
Dell APEX Protection Storage		 Data Domain Operating System Versions 7.0 through 7.13 Version 8.0.0.10 or later, 
or
Version 7.13.1.0 or later to stay on LTS2024 Version 7.13, 
or
7.10.1.30 or later to stay on LTS2023 Version 7.10,
or
Version 7.7.5.40 or later to stay on LTS2022 Version 7.7		 https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
CVE-2024-28973, CVE-2024-29176, CVE-2024-29177, CVE-2024-29173, CVE-2024-29175, CVE-2024-37139, CVE-2024-37140, CVE-2024-37141, CVE-2023-31122, CVE-2023-43622, CVE-2023-45802, CVE-2023-44487, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708, CVE-2023-46589, CVE-2022-43680, CVE-2022-23990, CVE-2022-25313, CVE-2023-32665, CVE-2023-32636, CVE-2023-32611, CVE-2023-29499, CVE-2021-3800, CVE-2021-28153, CVE-2021-27219, CVE-2021-27218, CVE-2020-35457, CVE-2019-13012, CVE-2019-12450, CVE-2023-30571, CVE-2022-36227, CVE-2021-36976, CVE-2021-31566, CVE-2021-23177, CVE-2023-35945, CVE-2023-44487, CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551, CVE-2023-48795, CVE-2023-37920, CVE-2023-45803, CVE-2023-45804, CVE-2023-45853 PowerProtect Data Manager Appliance model: DM5500 Data Domain Operating System Versions prior to 5.16.0.0 Version 5.16.0.0 or later Link to download (requires log in to Dell Support)
CVE-2023-0215, CVE-2022-4450, CVE-2022-4304 Dell PowerProtect DD appliance models: DD6300, DD6800, and DD9300 BIOS Version 7.0 through 7.13 Version 8.0.0.10 or later,
or
Version 7.13.1.0 or later to stay on LTS2024 Version 7.13,
or
Version 7.10.1.30 or later to stay on LTS2023 Version 7.10,
or
Version 7.7.5.40 or later to stay on LTS2022 Version 7.7		 https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
CVE-2024-29177, CVE-2024-29174, CVE-2024-29175, CVE-2024-37138, CVE-2024-37141, CVE-2023-31122, CVE-2023-43622, CVE-2023-45802, CVE-2023-44487, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708, CVE-2023-46589, CVE-2022-44730, CVE-2022-44729, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-28322, CVE-2023-28320, CVE-2023-28321, CVE-2023-46218, CVE-2023-28319, CVE-2022-43680, CVE-2022-23990, CVE-2022-25313, CVE-2023-30861, CVE-2023-29007, CVE-2023-25652, CVE-2023-23946, CVE-2023-22490, CVE-2022-41953, CVE-2023-32665, CVE-2023-32636, CVE-2023-32611, CVE-2023-29499, CVE-2021-3800, CVE-2021-28153, CVE-2021-27219, CVE-2021-27218, CVE-2020-35457, CVE-2019-13012, CVE-2019-12450, CVE-2023-4813, CVE-2023-1972, CVE-2023-1579, CVE-2022-4285, CVE-2023-30571, CVE-2022-36227, CVE-2021-36976, CVE-2021-31566, CVE-2021-23177, CVE-2023-4039, CVE-2023-2603, CVE-2022-35206, CVE-2022-44840, CVE-2022-4285, CVE-2022-48065, CVE-2022-48064, CVE-2022-48063, CVE-2023-25585, CVE-2023-25588, CVE-2023-1972, CVE-2023-1579, CVE-2022-35205, CVE-2022-45703, CVE-2021-32256, CVE-2022-47673, CVE-2020-19726, CVE-2022-47695, CVE-2022-47696, CVE-2023-22652, CVE-2023-32181, CVE-2023-30079, CVE-2023-30078, CVE-2023-50495, CVE-2023-35945, CVE-2023-44487, CVE-2023-3817, CVE-2023-5678, CVE-2023-4807, CVE-2023-4016, CVE-2023-40217, CVE-2023-27043, CVE-2023-36632, CVE-2023-2137, CVE-2022-1622, CVE-2023-2731, CVE-2023-26965, CVE-2023-1916, CVE-2022-40090, CVE-2023-4863, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787, CVE-2023-3138, CVE-2023-43788, CVE-2023-43789, CVE-2023-46228, CVE-2023-35945, CVE-2023-44487, CVE-2022-41741, CVE-2023-44487, CVE-2022-41742, CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551, CVE-2023-31486, CVE-2023-3148, CVE-2023-4863, CVE-2023-44271, CVE-2023-5752, CVE-2023-48795, CVE-2023-37920, CVE-2023-4641, CVE-2023-38286, CVE-2023-45803, CVE-2023-45804, CVE-2023-27522, CVE-2023-46136, CVE-2023-45853 Dell PowerProtect DD Management Center Data Domain Operating System Version 7.0 through 7.13 Version 8.0.0.10 or later, 
or
Version 7.13.1.0 or later to stay on LTS2024 Version 7.13,
or
Version 7.10.1.30 or later to stay on LTS2023 Version 7.10,
or
Version 7.7.5.40 or later to stay on LTS2022 Version 7.7		 https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
CVE-2024-29177, CVE-2024-29174, CVE-2024-29175, CVE-2024-37138, CVE-2024-37141, CVE-2023-31122, CVE-2023-43622, CVE-2023-45802, CVE-2023-44487, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708, CVE-2023-46589, CVE-2022-44730, CVE-2022-44729, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-28322, CVE-2023-28320, CVE-2023-28321, CVE-2023-46218, CVE-2023-28319, CVE-2022-43680, CVE-2022-23990, CVE-2022-25313, CVE-2023-30861, CVE-2023-29007, CVE-2023-25652, CVE-2023-23946, CVE-2023-22490, CVE-2022-41953, CVE-2023-32665, CVE-2023-32636, CVE-2023-32611, CVE-2023-29499, CVE-2021-3800, CVE-2021-28153, CVE-2021-27219, CVE-2021-27218, CVE-2020-35457, CVE-2019-13012, CVE-2019-12450, CVE-2023-4813, CVE-2023-1972, CVE-2023-1579, CVE-2022-4285, CVE-2023-30571, CVE-2022-36227, CVE-2021-36976, CVE-2021-31566, CVE-2021-23177, CVE-2023-4039, CVE-2023-2603, CVE-2022-35206, CVE-2022-44840, CVE-2022-4285, CVE-2022-48065, CVE-2022-48064, CVE-2022-48063, CVE-2023-25585, CVE-2023-25588, CVE-2023-1972, CVE-2023-1579, CVE-2022-35205, CVE-2022-45703, CVE-2021-32256, CVE-2022-47673, CVE-2020-19726, CVE-2022-47695, CVE-2022-47696, CVE-2023-22652, CVE-2023-32181, CVE-2023-30079, CVE-2023-30078, CVE-2023-50495, CVE-2023-35945, CVE-2023-44487, CVE-2023-3817, CVE-2023-5678, CVE-2023-4807, CVE-2023-4016, CVE-2023-40217, CVE-2023-27043, CVE-2023-36632, CVE-2023-2137, CVE-2022-1622, CVE-2023-2731, CVE-2023-26965, CVE-2023-1916, CVE-2022-40090, CVE-2023-4863, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787, CVE-2023-43788, CVE-2023-43789, CVE-2023-46228, CVE-2023-35945, CVE-2023-44487, CVE-2022-41741, CVE-2023-44487, CVE-2022-41742, CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551, CVE-2023-31486, CVE-2023-3148, CVE-2023-4863, CVE-2023-44271, CVE-2023-5752, CVE-2023-37920, CVE-2023-4641, CVE-2023-38286, CVE-2023-45803, CVE-2023-45804, CVE-2023-27522, CVE-2023-46136, CVE-2023-45853, CVE-2023-38473, CVE-2023-3341, CVE-2020-19726, CVE-2021-32256, CVE-2022-4285, CVE-2022-35205, CVE-2022-35206, CVE-2022-44840, CVE-2022-45703, CVE-2022-47673, CVE-2022-47695, CVE-2022-47696, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065, CVE-2023-0687, CVE-2023-1579, CVE-2023-1972, CVE-2023-2222, CVE-2023-25585, CVE-2023-25587, CVE-2023-25588, CVE-2022-44638, CVE-2023-4504, CVE-2023-32360, CVE-2023-34241, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-28322, CVE-2023-28320, CVE-2023-28321, CVE-2023-46218, CVE-2023-28319, CVE-2023-4039, CVE-2018-9234, CVE-2023-4692, CVE-2023-4693, CVE-2023-31085, CVE-2023-34324, CVE-2023-39189, CVE-2023-45862, CVE-2020-36766, CVE-2023-0394, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2022-36402, CVE-2023-2007, CVE-2023-3772, CVE-2023-3812, CVE-2023-3863, CVE-2023-4128, CVE-2023-4132, CVE-2023-4133, CVE-2023-4134, CVE-2023-4194, CVE-2023-4385, CVE-2023-4387, CVE-2023-4459, CVE-2023-20588, CVE-2023-34319, CVE-2023-40283, CVE-2023-5870, CVE-2023-5868, CVE-2023-5869, CVE-2022-33065, CVE-2023-5217, CVE-2016-3709, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2023-43788, CVE-2023-43789, CVE-2023-45853, CVE-2023-28736, CVE-2023-28938, CVE-2023-4874, CVE-2023-4875, CVE-2021-42782, CVE-2023-40661, CVE-2023-48795, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-5678, CVE-2023-34059, CVE-2023-20900, CVE-2023-32182, CVE-2022-48565, CVE-2022-48566, CVE-2023-41105, CVE-2023-40217, CVE-2023-37920, CVE-2023-32681, CVE-2023-4641, CVE-2023-2137, CVE-2023-1829, CVE-2023-23559, CVE-2020-18768, CVE-2023-2908, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-25433, CVE-2023-26966, CVE-2023-38288, CVE-2023-38289, CVE-2023-23583, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2023-46246, CVE-2023-43361 Dell PowerProtect DD Management Center with SmartScale feature Data Domain Operating System 7.8 to 7.13 8.0.0.10 and above
or
7.13.1.0 and above to stay on LTS2024 7.13
or
7.10.1.30 and above to stay on LTS2023 7.10		 https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
CVEs Addressed Product Software/Firmware Affected Versions Updated Versions Link to Update
CVE-2024-28973, CVE-2024-29176, CVE-2024-29177, CVE-2024-29173, CVE-2024-29175, CVE-2024-37139, CVE-2024-37140, CVE-2024-37141, CVE-2023-31122, CVE-2023-43622, CVE-2023-45802, CVE-2023-44487, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708, CVE-2023-46589, CVE-2022-43680, CVE-2022-23990, CVE-2022-25313, CVE-2023-32665, CVE-2023-32636, CVE-2023-32611, CVE-2023-29499, CVE-2021-3800, CVE-2021-28153, CVE-2021-27219, CVE-2021-27218, CVE-2020-35457, CVE-2019-13012, CVE-2019-12450, CVE-2023-30571, CVE-2022-36227, CVE-2021-36976, CVE-2021-31566, CVE-2021-23177, CVE-2023-35945, CVE-2023-44487, CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551, CVE-2023-48795, CVE-2023-37920, CVE-2023-45803, CVE-2023-45804, CVE-2023-45853 Dell PowerProtect DD series appliances,
Dell PowerProtect DD Virtual Edition,
Dell APEX Protection Storage		 Data Domain Operating System Versions 7.0 through 7.13 Version 8.0.0.10 or later, 
or
Version 7.13.1.0 or later to stay on LTS2024 Version 7.13, 
or
7.10.1.30 or later to stay on LTS2023 Version 7.10,
or
Version 7.7.5.40 or later to stay on LTS2022 Version 7.7		 https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
CVE-2024-28973, CVE-2024-29176, CVE-2024-29177, CVE-2024-29173, CVE-2024-29175, CVE-2024-37139, CVE-2024-37140, CVE-2024-37141, CVE-2023-31122, CVE-2023-43622, CVE-2023-45802, CVE-2023-44487, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708, CVE-2023-46589, CVE-2022-43680, CVE-2022-23990, CVE-2022-25313, CVE-2023-32665, CVE-2023-32636, CVE-2023-32611, CVE-2023-29499, CVE-2021-3800, CVE-2021-28153, CVE-2021-27219, CVE-2021-27218, CVE-2020-35457, CVE-2019-13012, CVE-2019-12450, CVE-2023-30571, CVE-2022-36227, CVE-2021-36976, CVE-2021-31566, CVE-2021-23177, CVE-2023-35945, CVE-2023-44487, CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551, CVE-2023-48795, CVE-2023-37920, CVE-2023-45803, CVE-2023-45804, CVE-2023-45853 PowerProtect Data Manager Appliance model: DM5500 Data Domain Operating System Versions prior to 5.16.0.0 Version 5.16.0.0 or later Link to download (requires log in to Dell Support)
CVE-2023-0215, CVE-2022-4450, CVE-2022-4304 Dell PowerProtect DD appliance models: DD6300, DD6800, and DD9300 BIOS Version 7.0 through 7.13 Version 8.0.0.10 or later,
or
Version 7.13.1.0 or later to stay on LTS2024 Version 7.13,
or
Version 7.10.1.30 or later to stay on LTS2023 Version 7.10,
or
Version 7.7.5.40 or later to stay on LTS2022 Version 7.7		 https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
CVE-2024-29177, CVE-2024-29174, CVE-2024-29175, CVE-2024-37138, CVE-2024-37141, CVE-2023-31122, CVE-2023-43622, CVE-2023-45802, CVE-2023-44487, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708, CVE-2023-46589, CVE-2022-44730, CVE-2022-44729, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-28322, CVE-2023-28320, CVE-2023-28321, CVE-2023-46218, CVE-2023-28319, CVE-2022-43680, CVE-2022-23990, CVE-2022-25313, CVE-2023-30861, CVE-2023-29007, CVE-2023-25652, CVE-2023-23946, CVE-2023-22490, CVE-2022-41953, CVE-2023-32665, CVE-2023-32636, CVE-2023-32611, CVE-2023-29499, CVE-2021-3800, CVE-2021-28153, CVE-2021-27219, CVE-2021-27218, CVE-2020-35457, CVE-2019-13012, CVE-2019-12450, CVE-2023-4813, CVE-2023-1972, CVE-2023-1579, CVE-2022-4285, CVE-2023-30571, CVE-2022-36227, CVE-2021-36976, CVE-2021-31566, CVE-2021-23177, CVE-2023-4039, CVE-2023-2603, CVE-2022-35206, CVE-2022-44840, CVE-2022-4285, CVE-2022-48065, CVE-2022-48064, CVE-2022-48063, CVE-2023-25585, CVE-2023-25588, CVE-2023-1972, CVE-2023-1579, CVE-2022-35205, CVE-2022-45703, CVE-2021-32256, CVE-2022-47673, CVE-2020-19726, CVE-2022-47695, CVE-2022-47696, CVE-2023-22652, CVE-2023-32181, CVE-2023-30079, CVE-2023-30078, CVE-2023-50495, CVE-2023-35945, CVE-2023-44487, CVE-2023-3817, CVE-2023-5678, CVE-2023-4807, CVE-2023-4016, CVE-2023-40217, CVE-2023-27043, CVE-2023-36632, CVE-2023-2137, CVE-2022-1622, CVE-2023-2731, CVE-2023-26965, CVE-2023-1916, CVE-2022-40090, CVE-2023-4863, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787, CVE-2023-3138, CVE-2023-43788, CVE-2023-43789, CVE-2023-46228, CVE-2023-35945, CVE-2023-44487, CVE-2022-41741, CVE-2023-44487, CVE-2022-41742, CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551, CVE-2023-31486, CVE-2023-3148, CVE-2023-4863, CVE-2023-44271, CVE-2023-5752, CVE-2023-48795, CVE-2023-37920, CVE-2023-4641, CVE-2023-38286, CVE-2023-45803, CVE-2023-45804, CVE-2023-27522, CVE-2023-46136, CVE-2023-45853 Dell PowerProtect DD Management Center Data Domain Operating System Version 7.0 through 7.13 Version 8.0.0.10 or later, 
or
Version 7.13.1.0 or later to stay on LTS2024 Version 7.13,
or
Version 7.10.1.30 or later to stay on LTS2023 Version 7.10,
or
Version 7.7.5.40 or later to stay on LTS2022 Version 7.7		 https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
CVE-2024-29177, CVE-2024-29174, CVE-2024-29175, CVE-2024-37138, CVE-2024-37141, CVE-2023-31122, CVE-2023-43622, CVE-2023-45802, CVE-2023-44487, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708, CVE-2023-46589, CVE-2022-44730, CVE-2022-44729, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-28322, CVE-2023-28320, CVE-2023-28321, CVE-2023-46218, CVE-2023-28319, CVE-2022-43680, CVE-2022-23990, CVE-2022-25313, CVE-2023-30861, CVE-2023-29007, CVE-2023-25652, CVE-2023-23946, CVE-2023-22490, CVE-2022-41953, CVE-2023-32665, CVE-2023-32636, CVE-2023-32611, CVE-2023-29499, CVE-2021-3800, CVE-2021-28153, CVE-2021-27219, CVE-2021-27218, CVE-2020-35457, CVE-2019-13012, CVE-2019-12450, CVE-2023-4813, CVE-2023-1972, CVE-2023-1579, CVE-2022-4285, CVE-2023-30571, CVE-2022-36227, CVE-2021-36976, CVE-2021-31566, CVE-2021-23177, CVE-2023-4039, CVE-2023-2603, CVE-2022-35206, CVE-2022-44840, CVE-2022-4285, CVE-2022-48065, CVE-2022-48064, CVE-2022-48063, CVE-2023-25585, CVE-2023-25588, CVE-2023-1972, CVE-2023-1579, CVE-2022-35205, CVE-2022-45703, CVE-2021-32256, CVE-2022-47673, CVE-2020-19726, CVE-2022-47695, CVE-2022-47696, CVE-2023-22652, CVE-2023-32181, CVE-2023-30079, CVE-2023-30078, CVE-2023-50495, CVE-2023-35945, CVE-2023-44487, CVE-2023-3817, CVE-2023-5678, CVE-2023-4807, CVE-2023-4016, CVE-2023-40217, CVE-2023-27043, CVE-2023-36632, CVE-2023-2137, CVE-2022-1622, CVE-2023-2731, CVE-2023-26965, CVE-2023-1916, CVE-2022-40090, CVE-2023-4863, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787, CVE-2023-43788, CVE-2023-43789, CVE-2023-46228, CVE-2023-35945, CVE-2023-44487, CVE-2022-41741, CVE-2023-44487, CVE-2022-41742, CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551, CVE-2023-31486, CVE-2023-3148, CVE-2023-4863, CVE-2023-44271, CVE-2023-5752, CVE-2023-37920, CVE-2023-4641, CVE-2023-38286, CVE-2023-45803, CVE-2023-45804, CVE-2023-27522, CVE-2023-46136, CVE-2023-45853, CVE-2023-38473, CVE-2023-3341, CVE-2020-19726, CVE-2021-32256, CVE-2022-4285, CVE-2022-35205, CVE-2022-35206, CVE-2022-44840, CVE-2022-45703, CVE-2022-47673, CVE-2022-47695, CVE-2022-47696, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065, CVE-2023-0687, CVE-2023-1579, CVE-2023-1972, CVE-2023-2222, CVE-2023-25585, CVE-2023-25587, CVE-2023-25588, CVE-2022-44638, CVE-2023-4504, CVE-2023-32360, CVE-2023-34241, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, CVE-2023-38545, CVE-2023-28322, CVE-2023-28320, CVE-2023-28321, CVE-2023-46218, CVE-2023-28319, CVE-2023-4039, CVE-2018-9234, CVE-2023-4692, CVE-2023-4693, CVE-2023-31085, CVE-2023-34324, CVE-2023-39189, CVE-2023-45862, CVE-2020-36766, CVE-2023-0394, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2022-36402, CVE-2023-2007, CVE-2023-3772, CVE-2023-3812, CVE-2023-3863, CVE-2023-4128, CVE-2023-4132, CVE-2023-4133, CVE-2023-4134, CVE-2023-4194, CVE-2023-4385, CVE-2023-4387, CVE-2023-4459, CVE-2023-20588, CVE-2023-34319, CVE-2023-40283, CVE-2023-5870, CVE-2023-5868, CVE-2023-5869, CVE-2022-33065, CVE-2023-5217, CVE-2016-3709, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2023-43788, CVE-2023-43789, CVE-2023-45853, CVE-2023-28736, CVE-2023-28938, CVE-2023-4874, CVE-2023-4875, CVE-2021-42782, CVE-2023-40661, CVE-2023-48795, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-5678, CVE-2023-34059, CVE-2023-20900, CVE-2023-32182, CVE-2022-48565, CVE-2022-48566, CVE-2023-41105, CVE-2023-40217, CVE-2023-37920, CVE-2023-32681, CVE-2023-4641, CVE-2023-2137, CVE-2023-1829, CVE-2023-23559, CVE-2020-18768, CVE-2023-2908, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-25433, CVE-2023-26966, CVE-2023-38288, CVE-2023-38289, CVE-2023-23583, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2023-46246, CVE-2023-43361 Dell PowerProtect DD Management Center with SmartScale feature Data Domain Operating System 7.8 to 7.13 8.0.0.10 and above
or
7.13.1.0 and above to stay on LTS2024 7.13
or
7.10.1.30 and above to stay on LTS2023 7.10		 https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
Note: PowerProtect DP Series Appliance - IDPA (Integrated Data Protection Appliance): All Models, Versions prior to 2.7.6, are impacted. The release of security updates associated with this vulnerability is targeted for August 2024. This date is subject to change.

Revision History

RevisionDateDescription
1.02024-06-24Initial Release
2.02024-06-24Updated for enhanced presentation with no changes to content
3.02024-06-26Updated Proprietary Code section: Corrected CVSS Base Score from 8.0 to 8.8 for CVE-2024-37140; updated the CVSS Vector String link
4.02024-07-23Updated Affected Products and Remediation section: PowerProtect DP Series Appliance - IDPA (Integrated Data Protection Appliance): All Models - "Please see note in Affected Products and Remediation Section”
5.02024-10-29Updated Proprietary Code section: Corrected CVE Description for CVE-2024-29176

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Data Domain, DD OS 7.0, DD OS 7.1, DD OS 7.10, DD OS 7.11, DD OS 7.12, DD OS 7.13, DD OS 7.2, DD OS 7.3, DD OS 7.4, DD OS 7.5, DD OS 7.6, DD OS 7.7, DD OS 7.8, DD OS 7.9, Data Domain Virtual Edition, PowerProtect Data Protection Software , Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, PowerProtect DM5500 ...
Article Properties
Article Number: 000226148
Article Type: Dell Security Advisory
Last Modified: 29 Oct 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.