DSA-2021-147: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection Security Update for Multiple Vulnerabilities
概要: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
High
詳細
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21601 | Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | 8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Grub2 | CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 |
|
| SuSE | CVE-2020-28374 CVE-2020-36158 CVE-2020-27825 CVE-2020-0466 CVE-2020-27068 CVE-2020-0465 CVE-2020-0444 CVE-2020-29660 CVE-2020-29661 CVE-2020-27777 CVE-2019-20934 CVE-2020-27786 CVE-2020-4788 CVE-2018-20669 |
|
| Oracle JRE | CVE-2020-14803 CVE-2020-14792 CVE-2020-14781 CVE-2020-14782 CVE-2020-14797 CVE-2020-14779 CVE-2020-14796 CVE-2020-14798 CVE-2020-14803 CVE-2021-2161 CVE-2021-2163 |
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21601 | Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | 8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Grub2 | CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 |
|
| SuSE | CVE-2020-28374 CVE-2020-36158 CVE-2020-27825 CVE-2020-0466 CVE-2020-27068 CVE-2020-0465 CVE-2020-0444 CVE-2020-29660 CVE-2020-29661 CVE-2020-27777 CVE-2019-20934 CVE-2020-27786 CVE-2020-4788 CVE-2018-20669 |
|
| Oracle JRE | CVE-2020-14803 CVE-2020-14792 CVE-2020-14781 CVE-2020-14782 CVE-2020-14797 CVE-2020-14779 CVE-2020-14796 CVE-2020-14798 CVE-2020-14803 CVE-2021-2161 CVE-2021-2163 |
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA |
影響を受ける製品と修復
| Product | Affected Versions | Updated Versions | Link to Update | ||
| Dell EMC Data Protection Search | Versions before 19.5 | 19.5 | https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip |
||
| Dell EMC Integrated Data Protection Appliance | Versions before 2.7 | 2.7 |
Expected release date August 2021. | ||
| Product | Affected Versions | Updated Versions | Link to Update | ||
| Dell EMC Data Protection Search | Versions before 19.5 | 19.5 | https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip |
||
| Dell EMC Integrated Data Protection Appliance | Versions before 2.7 | 2.7 |
Expected release date August 2021. | ||
回避策と緩和策
None.
変更履歴
| Revision | Date | Description |
| 1.0 | 2021-07-22 | Initial Release |
| 1.1 | 2021-11-03 | Updated Product Tagging |
関連情報
法的免責事項
対象製品
Data Protection Search, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security Information文書のプロパティ
文書番号: 000189555
文書の種類: Dell Security Advisory
最終更新: 04 11月 2021
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。