DSA-2026-158: Security Update Dell PowerProtect Data Manager for Multiple Security Vulnerabilities
Riepilogo: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Impatto
Critical
Dettagli
|
Third-party Component |
CVEs |
More Information |
|
PPDM Core: Logback |
CVE-2025-11226, CVE-2024-12801, CVE-2024-12798 |
|
|
Apache Tomcat |
CVE-2025-61795 |
|
|
Spring Framework |
CVE-2025-22235, CVE-2025-41249, CVE-2025-22233 |
|
|
Spring Security |
CVE-2025-22228 |
|
|
Apache Commons FileUpload |
CVE-2025-48976 |
|
|
json-smart |
CVE-2024-57699 |
|
|
reactor-netty |
CVE-2025-22227 |
|
|
Apache Log4j |
CVE-2025-68161 |
|
|
AssertJ - Fluent Assertions for Java |
CVE-2026-24400 |
|
|
PPDM Reporting: Infinispan |
CVE-2025-5731 |
|
|
Logback |
CVE-2025-11226 |
|
|
Netty Project |
CVE-2025-59419 |
|
|
OpenSSH |
CVE-2016-20012, CVE-2020-14145, CVE-2021-28041, CVE-2021-36368, CVE-2023-38408, CVE-2023-48795, CVE-2025-26465 |
|
|
Spring Framework |
CVE-2025-41254 |
|
|
XMLUnit |
CVE-2024-31573 |
|
|
Angular |
CVE-2025-59052 |
|
|
brace-expansion |
CVE-2025-5889 |
|
|
crypto/tls |
CVE-2025-68121 |
|
|
Operating System (OS) |
CVE-2026-0672, CVE-2026-0865, CVE-2026-0861, CVE-2026-0915, CVE-2026-22695, CVE-2026-22801, CVE-2026-25646, CVE-2026-24882, CVE-2026-22795, CVE-2026-22796, CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-26157, CVE-2026-26158, CVE-2026-23490, CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945, CVE-2025-40257, CVE-2025-40259, CVE-2025-68284, CVE-2025-68285, CVE-2025-68775, CVE-2025-68813, CVE-2025-71085, CVE-2026-22999, CVE-2026-23001, CVE-2026-23010 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2026-28266 |
Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) a Weak Encoding for Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
7.1 |
|
|
CVE-2026-28264 |
|
3.3 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2026-28266 |
Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) a Weak Encoding for Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
7.1 |
|
|
CVE-2026-28264 |
|
3.3 |
Prodotti interessati e correzione
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell PowerProtect Data Manager |
Versions prior to 20.1.0.0 |
Version 20.1.0.0 or later |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell PowerProtect Data Manager |
Versions prior to 20.1.0.0 |
Version 20.1.0.0 or later |
Cronologia delle revisioni
|
Revision |
Date |
Description |
|
1.0 |
2026-04-01 |
Initial Release |
|
2.0 |
2026-04-04 |
Updated for enhanced presentation |
|
3.0 |
2026-04-07 |
Updated the Third Party Components section to include CVE-2025-68121 |
|
4.0 |
2026-04-14 |
Updated the Proprietary Code section to included CVE-2026-28266 |
Informazioni correlate
Dichiarazione di non responsabilità
Prodotti interessati
PowerProtect Data Manager Appliance, PowerProtect Data Manager, PowerProtect Data Manager Essentials, PowerProtect Data Manager SoftwareProprietà dell'articolo
Numero articolo: 000447277
Tipo di articolo: Dell Security Advisory
Ultima modifica: 14 apr 2026
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.