DSA-2025-062: Security Update for Dell PowerProtect Data Manager Multiple Security Vulnerabilities

Riepilogo: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Questo articolo si applica a Questo articolo non si applica a Questo articolo non è legato a un prodotto specifico. Non tutte le versioni del prodotto sono identificate in questo articolo.
Scopri le altre risorse

Impatto

Critical

Dettagli

Third Party Component

CVEs

More Information

Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server9.4.53.20231009

CVE-2024-8184, CVE-2024-6763

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Quartz Enterprise Job Scheduler2.3.2

CVE-2023-39017

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

rollup4.20.0

CVE-2024-47068

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Request - Simple HTTP Client2.88.2

CVE-2023-28155

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

http-proxy-middleware2.0.6

CVE-2024-21536

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Python Programming Language 3.11.9

CVE-2023-41105, CVE-2023-36632, CVE-2007-4559, CVE-2023-40217, CVE-2023-24329, CVE-2023-52425, CVE-2023-52426, CVE-2023-50782, CVE-2023-49083, CVE-2024-0727, CVE-2021-3711, CVE-2022-2068,CVE-2022-1292, CVE-2023-4807, CVE-2023-0215, CVE-2022-4450, CVE-2022-0778, CVE-2021-23840,CVE-2023-0464, CVE-2021-3450, CVE-2023-0286, CVE-2021-3712, CVE-2023-2650, CVE-2021-3449, CVE-2022-4304, CVE-2021-23841, CVE-2023-0466, CVE-2023-5678, CVE-2022-2097, CVE-2023-0465, CVE-2023-3817, CVE-2023-23931

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

zlib 1.3.1

CVE-2023-45853

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

java-17-openjdk 17.0.14

CVE-2024-21235, CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2025-21502

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libcurl4, curl

CVE-2025-0725, CVE-2025-0167

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

golang.org/x/crypto/ssh

CVE-2024-45337

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

golang.org/x/net/html

CVE-2024-45338

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

logback-1.4.7

CVE-2023-6378

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Spring framework 6.1.8

CVE-2024-38820

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libxml2-2=2.9.14-150400.5.38.1

libxml2-tools=2.9.14-150400.5.38.1

CVE-2024-56171, CVE-2025-24928, CVE-2025-27113

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

ucode-intel=20250211-150200.53.1

CVE-2024-31068, CVE-2024-36293, CVE-2024-37020, CVE-2024-39355

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

kernel-default=5.14.21-150400.24.150.1

CVE-2024-50199, CVE-2024-53104, CVE-2024-53166, CVE-2024-53177, CVE-2024-56600, CVE-2024-56601, CVE-2024-56602, CVE-2024-56623, CVE-2024-56631, CVE-2024-56642, CVE-2024-56645, CVE-2024-56648, CVE-2024-56650, CVE-2024-56658, CVE-2024-56661, CVE-2024-56664, CVE-2024-56704, CVE-2024-56759, CVE-2024-57791, CVE-2024-57792, CVE-2024-57798, CVE-2024-57849, CVE-2024-57893, CVE-2024-57897

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

openssh-clients=8.4p1-150300.3.42.1

libxml2-tools=2.9.14-150400.5.38.1

openssh-fips=8.4p1-150300.3.42.1

openssh-server=8.4p1-150300.3.42.1

openssh=8.4p1-150300.3.42.1

CVE-2025-26465

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

emacs-info=27.2-150400.3.23.2

emacs-nox=27.2-150400.3.23.2

emacs=27.2-150400.3.23.2

etags=27.2-150400.3.23.2

CVE-2025-1244

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libopenssl1_1-hmac=1.1.1l-150400.7.78.1

libopenssl1_1=1.1.1l-150400.7.78.1

openssl-1_1=1.1.1l-150400.7.78.1

CVE-2024-13176

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libruby2_5-2_5=2.5.9-150000.4.36.1

ruby2.5-stdlib=2.5.9-150000.4.36.1

ruby2.5=2.5.9-150000.4.36.1

CVE-2024-47220, CVE-2024-49761

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libpq5=17.4-150200.5.10.1

postgresql14-server=14.17-150200.5.55.1

postgresql14=14.17-150200.5.55.1

CVE-2025-1094

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

glibc-extra=2.31-150300.92.1

glibc-lang=2.31-150300.92.1

glibc-locale-base=2.31-150300.92.1

glibc-locale=2.31-150300.92.1

glibc=2.31-150300.92.1

CVE-2025-0395

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

bind-utils=9.16.50-150400.5.46.1

python3-bind=9.16.50-150400.5.46.1

CVE-2024-11187

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libtasn1-6=4.13-150000.4.11.1

libtasn1=4.13-150000.4.11.1

CVE-2024-12133

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

curl=8.0.1-150400.5.62.1

libcurl4=8.0.1-150400.5.62.1

CVE-2024-11053, CVE-2025-0167, CVE-2025-0725

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

grub2-i386-pc=2.06-150400.11.55.2

grub2-snapper-plugin=2.06-150400.11.55.2

grub2-systemd-sleep-plugin=2.06-150400.11.55.2

grub2-x86_64-efi=2.06-150400.11.55.2

grub2=2.06-150400.11.55.2

CVE-2024-45774, CVE-2024-45775, CVE-2024-45776, CVE-2024-45777, CVE-2024-45778, CVE-2024-45779, CVE-2024-45780, CVE-2024-45781, CVE-2024-45782, CVE-2024-45783, CVE-2024-56737, CVE-2025-0622, CVE-2025-0624, CVE-2025-0677, CVE-2025-0678, CVE-2025-0684, CVE-2025-0685, CVE-2025-0686, CVE-2025-0689, CVE-2025-0690, CVE-2025-1118, CVE-2025-1125

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2025-23375

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-23376

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

2.3

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-23377

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs.

4.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-27691

Dell PowerProtect Agent Service, version(s) 19.16, 19.17, and 19.18, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the Postgres, Oracle, and cache environments with privileges of the compromised account. 

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2025-23375

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-23376

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

2.3

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-23377

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs.

4.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-27691

Dell PowerProtect Agent Service, version(s) 19.16, 19.17, and 19.18, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the Postgres, Oracle, and cache environments with privileges of the compromised account. 

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies raccomanda a tutti i clienti di prendere in considerazione sia il punteggio base CVSS, sia ogni eventuale punteggio temporale o ambientale che possa avere effetti sul livello di gravità potenziale associato a una specifica vulnerabilità di sicurezza.

Prodotti interessati e correzione

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

PowerProtect Data Manager

PowerProtect Data Manager Software 19.19.0-15

Versions 19.15.0 through 19.18.0-23

Version 19.19.0-15 or later

PowerProtect Data Manager 19.19.0-15 | Drivers & Downloads

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

PowerProtect Data Manager

PowerProtect Data Manager Software 19.19.0-15

Versions 19.15.0 through 19.18.0-23

Version 19.19.0-15 or later

PowerProtect Data Manager 19.19.0-15 | Drivers & Downloads

Cronologia delle revisioni

Revision

Date

Description

1.0

2025-04-24

Initial Release

2.0

2025-04-24

Updated for enhanced presentation with no changes to content

3.0

2025-04-25

Updated for enhanced presentation with no changes to content

4.0

2025-05-07

Updated CVE Identifier and Third Party Components section to remove Node.js 22.13.0 references

5.0

2025-05-28

Updated the Proprietary Code section: Added CVE-2025-27691 details. 

Informazioni correlate

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Dichiarazione di non responsabilità

Prodotti interessati

PowerProtect Data Manager
Proprietà dell'articolo
Numero articolo: 000311083
Tipo di articolo: Dell Security Advisory
Ultima modifica: 28 mag 2025
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.