DSA-2025-075: Security Update for Dell Data Protection Advisor for Multiple Component Vulnerabilities

Summary: Dell Data Protection Advisor remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.


Impact

Critical

Details

| Third-party Component | CVEs | More Information |
|---|---|---|
| Apache Avro | CVE-2021-43045, CVE-2023-39410 | https://nvd.nist.gov/vuln/search |
| Apache commons collections | CVE-2015-7501 | https://nvd.nist.gov/vuln/search |
| Apache commons compress | CVE-2023-42503, CVE-2024-25710, CVE-2024-26308 | https://nvd.nist.gov/vuln/search |
| Apache Mina SSHD :: Common support utilities | CVE-2022-45047 | https://nvd.nist.gov/vuln/search |
| Apache Mina SSHD :: Core | CVE-2021-30129, CVE-2023-35887, CVE-2023-48795 | https://nvd.nist.gov/vuln/search |
| Apache Tomcat | CVE-2021-24122, CVE-2021-30640, CVE-2021-33037, CVE-2022-34305, CVE-2020-9484, CVE-2020-17527, CVE-2021-25122, CVE-2021-25329, CVE-2021-30639, CVE-2021-41079, CVE-2022-23181, CVE-2022-29885, CVE-2022-25762, CVE-2022-42252, CVE-2023-46589, CVE-2021-43980, CVE-2023-28708, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2024-21733 | https://nvd.nist.gov/vuln/search |
| Apache Velocity | CVE-2020-13936 | https://nvd.nist.gov/vuln/search |
| Apache Xerces | CVE-2022-23437 | https://nvd.nist.gov/vuln/search |
| Curl | CVE-2023-38545 | https://nvd.nist.gov/vuln/search |
| Dom4j | CVE-2020-10683 | https://nvd.nist.gov/vuln/search |
| Google-guava | CVE-2023-2976, CVE-2020-8908 | https://nvd.nist.gov/vuln/search |
| H2 Database Engine | CVE-2022-45868 | https://nvd.nist.gov/vuln/search |
| Java SE: 8u421 | CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208 | https://nvd.nist.gov/vuln/search |
| Jboss REST Easy | CVE-2016-9606, CVE-2020-25633 | https://nvd.nist.gov/vuln/search |
| Jettison | CVE-2022-40149, CVE-2022-40150, CVE-2022-45685, CVE-2022-45693, CVE-2023-1436 | https://nvd.nist.gov/vuln/search |
| JGit | CVE-2023-4759 | https://nvd.nist.gov/vuln/search |
| Jsoup | CVE-2021-37714, CVE-2022-36033 | https://nvd.nist.gov/vuln/search |
| libcurl | CVE-2023-27537, CVE-2023-38039 | https://nvd.nist.gov/vuln/search |
| MySql Connector | CVE-2023-22102, CVE-2023-21971 | https://nvd.nist.gov/vuln/search |
| okHttp | CVE-2018-20200 | https://nvd.nist.gov/vuln/search |
| PostgreSQL driver | CVE-2024-1597 | https://nvd.nist.gov/vuln/search |
| Slf4j_ext | CVE-2018-8088 | https://nvd.nist.gov/vuln/search |
| SnakeYaml | CVE-2022-41854, CVE-2022-38750, CVE-2022-38751, CVE-2022-38749, CVE-2022-25857, CVE-2022-1471, CVE-2022-38752 | https://nvd.nist.gov/vuln/search |
| SSH | CVE-2023-46445, CVE-2023-46446 | https://nvd.nist.gov/vuln/search |
| Wildfly | CVE-2020-14338 | https://nvd.nist.gov/vuln/search |
| XML External Entity | CVE-2014-3530 | https://nvd.nist.gov/vuln/search |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

| Product | Affected Versions | Remediated Versions | Link to Update |
|---|---|---|---|
| Data Protection Advisor | Versions 19.9, 19.10 and 19.11 | Version 19.12 or later | Data Protection Advisor Downloads Area |


Notes:

  1. Dell recommends that you always upgrade to the latest release/version for your product.
  2. To request the workaround files that remove the affected OpenSSL-dependent libraries, or to receive assistance with applying the workaround, please contact Dell Customer Support.

Workarounds & Mitigations

CVE ID: CVE-2024-5535, CVE-2023-3446

Workaround and Mitigation:

Pre-requisites:

  • This workaround applies to Dell Data Protection Advisor (DPA), version 19.11 and later.
  • The HP Disk Array and HP Virtual Tape Library (VTL) endpoints must not be actively monitored by DPA.
  • The script must be executed by a user with system access and privileges to perform operations such as read, execute and delete files or execute shell or batch scripts.
  • The absolute paths to the _install and _uninstall directories of DPA on the host’s file system must be prepared and noted in advance, as they will be required during script execution. 
  • The appropriate script file for your operating system has been downloaded. The script helps remove OpenSSL 1.0.2 dependent libraries affected by CVE-2024-5535 and CVE-2023-3446.
    • Linux: Unbundle_openssl_102_Libs_From_DPA.sh
    • Windows: Unbundle_Openssl_102_Libs_From_DPA.bat 
 

For Linux: 

  1. Extract UnbundleScript_Openssl_102_Libs.zip to a temporary folder, using either the gunzip or the unzip command.
  2. Grant execute permission to the script using the following CLI command: 
     # chmod 0777 unbundle_openssl_102_Libs_From_DPA 
  3. Execute the script and, when prompted, provide the absolute path where the _install and _uninstall DPA folders are present. Example: </opt/emc/dpa/>.

Note: After execution, the script automatically removes libssl.so.1.0.0, libcrypto.so.1.0.0, dpaagent_modhparray, and dpaagent_modhpvls, and then exits.

For Windows: 

  1. Extract UnbundleScript_Openssl_102_Libs.zip to a temporary folder using 7Zip software or any Windows-supported zip software.
  2. Execute the script and, when prompted, provide the absolute path where the _install and _uninstall DPA folders are present. Example: <C:\Program Files\EMC\DPA>.

Note: After execution, the script automatically removes libeay32.dll, ssleay32.dll, dpaagent_modhparray.exe, and dpaagent_modhpvls.exe, and then exits.
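
A post-workaround check for the Linux procedure above, as an added example (it is not Dell's unbundle script and is not part of the advisory). It searches the DPA root for the four files the Linux note says are removed; the function name dpa_leftovers is hypothetical, and it assumes the files may sit anywhere beneath the root, since the advisory does not give their subdirectories.

```shell
#!/bin/sh
# Added example (not Dell's script): post-workaround check for DSA-2025-075.
# Lists any file that the advisory's Linux note says the unbundle script
# removes but that is still present beneath the DPA root.

# File names taken from the advisory's Linux note.
DPA_REMOVED_FILES="libssl.so.1.0.0 libcrypto.so.1.0.0 dpaagent_modhparray dpaagent_modhpvls"

# dpa_leftovers ROOT   (hypothetical helper name)
#   Prints one path per leftover file (regular file or symlink).
#   Returns 0 if none remain, 1 if any remain, 2 if ROOT is not a DPA root.
dpa_leftovers() {
    root=$1
    # The advisory states that _install and _uninstall sit under the DPA root;
    # refuse to report "clean" for a directory that is not one.
    if [ ! -d "$root/_install" ] || [ ! -d "$root/_uninstall" ]; then
        echo "error: $root does not contain _install and _uninstall" >&2
        return 2
    fi
    found=0
    for name in $DPA_REMOVED_FILES; do
        # Assumption: the files may sit anywhere below ROOT, so walk the tree.
        matches=$(find "$root" \( -type f -o -type l \) -name "$name" 2>/dev/null)
        if [ -n "$matches" ]; then
            printf '%s\n' "$matches"
            found=1
        fi
    done
    return "$found"
}

# Run as a script with the DPA root as the only argument,
# for example: ./check_dpa_leftovers.sh /opt/emc/dpa
if [ "$#" -eq 1 ]; then
    dpa_leftovers "$1"
    status=$?
    [ "$status" -eq 0 ] && echo "OK: no OpenSSL 1.0.2 dependent files under $1"
    exit "$status"
fi
```

A non-zero exit status makes the check usable from a configuration-management or compliance job that runs after the workaround has been applied.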

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2025-02-06 | Initial Release |
| 2.0 | 2025-06-11 | Minor updates related to workaround and formatting |
| 3.0 | 2025-06-18 | Minor update related to workaround files availability |

Related Information

Affected Products

Data Protection Advisor, Data Protection Suite Series
Article Properties
Article Number: 000281732
Article Type: Dell Security Advisory
Last Modified: 18 Jun 2025