DSA-2021-147: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection Security Update for Multiple Vulnerabilities
Yhteenveto: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
Tämä artikkeli koskee tuotetta
Tämä artikkeli ei koske tuotetta
Tämä artikkeli ei liity tiettyyn tuotteeseen.
Tässä artikkelissa ei yksilöidä kaikkia tuoteversioita.
Vaikutus
High
Tiedot
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21601 | Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | 8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Grub2 | CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 |
|
| SuSE | CVE-2020-28374 CVE-2020-36158 CVE-2020-27825 CVE-2020-0466 CVE-2020-27068 CVE-2020-0465 CVE-2020-0444 CVE-2020-29660 CVE-2020-29661 CVE-2020-27777 CVE-2019-20934 CVE-2020-27786 CVE-2020-4788 CVE-2018-20669 |
|
| Oracle JRE | CVE-2020-14803 CVE-2020-14792 CVE-2020-14781 CVE-2020-14782 CVE-2020-14797 CVE-2020-14779 CVE-2020-14796 CVE-2020-14798 CVE-2020-14803 CVE-2021-2161 CVE-2021-2163 |
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21601 | Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | 8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Grub2 | CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 |
|
| SuSE | CVE-2020-28374 CVE-2020-36158 CVE-2020-27825 CVE-2020-0466 CVE-2020-27068 CVE-2020-0465 CVE-2020-0444 CVE-2020-29660 CVE-2020-29661 CVE-2020-27777 CVE-2019-20934 CVE-2020-27786 CVE-2020-4788 CVE-2018-20669 |
|
| Oracle JRE | CVE-2020-14803 CVE-2020-14792 CVE-2020-14781 CVE-2020-14782 CVE-2020-14797 CVE-2020-14779 CVE-2020-14796 CVE-2020-14798 CVE-2020-14803 CVE-2021-2161 CVE-2021-2163 |
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA |
Tuotteet, joihin asia vaikuttaa, ja tilanteen korjaaminen
| Product | Affected Versions | Updated Versions | Link to Update | ||
| Dell EMC Data Protection Search | Versions before 19.5 | 19.5 | https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip |
||
| Dell EMC Integrated Data Protection Appliance | Versions before 2.7 | 2.7 |
Expected release date August 2021. | ||
| Product | Affected Versions | Updated Versions | Link to Update | ||
| Dell EMC Data Protection Search | Versions before 19.5 | 19.5 | https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip |
||
| Dell EMC Integrated Data Protection Appliance | Versions before 2.7 | 2.7 |
Expected release date August 2021. | ||
Kiertotavat ja lievennyskeinot
None.
Versiohistoria
| Revision | Date | Description |
| 1.0 | 2021-07-22 | Initial Release |
| 1.1 | 2021-11-03 | Updated Product Tagging |
Asiaan liittyvät tiedot
Vastuuvapauslauseke
Tuotteet, joihin vaikutus kohdistuu
Data Protection Search, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security InformationArtikkelin ominaisuudet
Artikkelin numero: 000189555
Artikkelin tyyppi: Dell Security Advisory
Viimeksi muutettu: 04 marrask. 2021
Etsi vastauksia kysymyksiisi muilta Dell-käyttäjiltä
Tukipalvelut
Tarkista, kuuluuko laitteesi tukipalveluiden piiriin.