Critical
| Third-party Component | CVEs | More Information |
|---|---|---|
| Dom4j | CVE-2020-10683 | |
| libcurl | CVE-2023-27537, CVE-2023-38039 | See NVD link below for individual scores for each CVE. |
| Curl | CVE-2023-38545 | |
| SnakeYaml | CVE-2022-41854, CVE-2022-38750, CVE-2022-38751, CVE-2022-38749, CVE-2022-25857, CVE-2022-1471, CVE-2022-38752 | See NVD link below for individual scores for each CVE. |
| SSH | CVE-2023-46445, CVE-2023-46446 | See NVD link below for individual scores for each CVE. |
| Apache Avro | CVE-2021-43045, CVE-2023-39410 | See NVD link below for individual scores for each CVE. |
| Apache Mina SSHD :: Common support utilities | CVE-2022-45047 | |
| Apache Mina SSHD :: Core | CVE-2021-30129, CVE-2023-35887, CVE-2023-48795 | See NVD link below for individual scores for each CVE. |
| Apache Tomcat | CVE-2021-24122, CVE-2021-30640, CVE-2021-33037, CVE-2022-34305, CVE-2020-9484, CVE-2020-17527, CVE-2021-25122, CVE-2021-25329, CVE-2021-30639, CVE-2021-41079, CVE-2022-23181, CVE-2022-29885, CVE-2022-25762, CVE-2022-42252, CVE-2023-46589, CVE-2021-43980, CVE-2023-28708, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2024-21733 | See NVD link below for individual scores for each CVE. |
| Apache Velocity | CVE-2020-13936 | |
| Wildfly | CVE-2020-14338 | |
| Apache Xerces | CVE-2022-23437 | |
| Google-guava | CVE-2023-2976, CVE-2020-8908 | See NVD link below for individual scores for each CVE. |
| Jettison | CVE-2022-40149, CVE-2022-40150, CVE-2022-45685, CVE-2022-45693, CVE-2023-1436 | See NVD link below for individual scores for each CVE. |
| JGit | CVE-2023-4759 | |
| Jsoup | CVE-2021-37714, CVE-2022-36033 | See NVD link below for individual scores for each CVE. |
| Apache commons collections | CVE-2015-7501 | |
| okHttp | CVE-2018-20200 | |
| XML External Entity | CVE-2014-3530 | |
| PostgreSQL driver | CVE-2024-1597 | |
| H2 Database Engine | CVE-2022-45868 | |
| Apache commons compress | CVE-2023-42503, CVE-2024-25710, CVE-2024-26308 | See NVD link below for individual scores for each CVE. |
| MySql Connector | CVE-2023-22102, CVE-2023-21971 | See NVD link below for individual scores for each CVE. |
| Jboss REST Easy | CVE-2016-9606, CVE-2020-25633 | |
| Slf4j_ext | CVE-2018-8088 | |
| Java SE: 8u421 | CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208 | See NVD link below for individual scores for each CVE. |
| Product | Affected Versions | Remediated Versions | Link to Update |
|---|---|---|---|
| Dell Protection Advisor | Versions 19.9, 19.10 and 19.11 | Version 19.12 or later | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
CVE ID |
Workaround and Mitigation |
CVE-2024-5535, CVE-2023-3446 |
For Windows: Use the "Unbundle_Openssl_102_Libs_From_DPA.bat" batch file. For Linux: Use the "unbundle_openssl_102_Libs_From_DPA.sh" file.
1) Download UnbundleScript_Openssl_102_Libs.zip and extract it.
2) Copy the respective script file, based on the OS platform, to a temporary folder.
3) On Linux, change the permission of the script file to executable: chmod 0777 unbundle_openssl_102_Libs_From_DPA
4) While executing the script, the user has to provide, when prompted, the absolute DPA install path where the _install and _uninstall folders are present. Example Windows path: C:\Program Files\EMC\DPA. Example Linux path: /opt/emc/dpa
5) On successful execution, the script removes the following files. Windows: libeay32.dll, ssleay32.dll, dpaagent_modhparray.exe, dpaagent_modhpvls.exe. Linux: libssl.so.1.0.0, libcrypto.so.1.0.0, dpaagent_modhparray, dpaagent_modhpvls
6) With the above workaround applied, the application which calls DH_check() and supplies a key or parameters obtained is avoided, which would otherwise lead to a Denial of Service attack. |
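A post-workaround check for a Linux host, added here as an example and not part of Dell's script or this advisory: it confirms that none of the files listed in step 5 remain under the DPA install path. The file names and the `_install`/`_uninstall` folders come from the advisory; the function name `find_leftover_openssl102` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the advisory's unbundle workaround on a Linux DPA host.
# File names and the _install/_uninstall folders are taken from the advisory;
# the function name and return codes are assumptions of this example.

# Files the advisory says the Linux script removes (step 5).
DPA_REMOVED_FILES="libssl.so.1.0.0 libcrypto.so.1.0.0 dpaagent_modhparray dpaagent_modhpvls"

# find_leftover_openssl102 <dpa_install_path>
# Prints every file or symlink still present under the install path whose
# name matches one of the listed files.
# Returns 0 when none remain, 1 when at least one remains,
# 2 when the path does not look like a DPA install root.
find_leftover_openssl102() {
    root=$1
    # Step 4 identifies the install root by its _install and _uninstall folders.
    if [ ! -d "$root/_install" ] || [ ! -d "$root/_uninstall" ]; then
        echo "not a DPA install path (missing _install/_uninstall): $root" >&2
        return 2
    fi
    found=0
    for name in $DPA_REMOVED_FILES; do
        # Match symlinks too: a link that still points at an old library
        # is worth reporting even if the target was removed.
        hits=$(find "$root" \( -type f -o -type l \) -name "$name" 2>/dev/null)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=1
        fi
    done
    return $found
}
```

Source the file and call `find_leftover_openssl102 /opt/emc/dpa`; any path it prints is a file the workaround should have removed.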
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2025-02-06 | Initial Release |