DSA-2021-147: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection Security Update for Multiple Vulnerabilities
Summary: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
Impact
High
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21601 | Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | 8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Grub2 | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233 | |
| SuSE | CVE-2020-28374, CVE-2020-36158, CVE-2020-27825, CVE-2020-0466, CVE-2020-27068, CVE-2020-0465, CVE-2020-0444, CVE-2020-29660, CVE-2020-29661, CVE-2020-27777, CVE-2019-20934, CVE-2020-27786, CVE-2020-4788, CVE-2018-20669 | |
| Oracle JRE | CVE-2020-14803, CVE-2020-14792, CVE-2020-14781, CVE-2020-14782, CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798, CVE-2020-14803, CVE-2021-2161, CVE-2021-2163 | https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA |
Affected Products and Remediation
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell EMC Data Protection Search | Versions before 19.5 | 19.5 | https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip |
| Dell EMC Integrated Data Protection Appliance | Versions before 2.7 | 2.7 | Expected release date August 2021. |
Workarounds and Mitigations
None.
Revision History
| Revision | Date | Description |
| 1.0 | 2021-07-22 | Initial Release |
| 1.1 | 2021-11-03 | Updated Product Tagging |
Related Information
Legal Disclaimer
Affected Products
Data Protection Search, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security Information
Product Properties
Article Number: 000189555
Article Type: Dell Security Advisory
Last Modified: 04 Nov 2021