DSA-2024-107: Security Update for Data Protection Advisor Multiple Vulnerabilities.
概要: Data Protection Advisor remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
Critical
詳細
| Third-party Component | CVEs | More Information |
|---|---|---|
| Apache Tomcat | CVE-2016-6816, CVE-2016-8735, CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651, CVE-2017-5664, CVE-2016-6817, CVE-2016-8745, CVE-2017-7674, CVE-2017-7675, CVE-2017-12617, CVE-2018-1305, CVE-2018-1304, CVE-2018-8014, CVE-2018-8034, CVE-2018-1336, CVE-2018-8037, CVE-2018-11784, CVE-2019-0199, CVE-2019-0232, CVE-2019-2684, CVE-2019-0221, CVE-2019-10072, CVE-2019-17563, CVE-2019-12418, CVE-2020-1935, CVE-2020-1938, CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-13943, CVE-2021-30640, CVE-2021-33037, CVE-2021-43980, CVE-2023-28708, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
| Spring Framework | CVE-2016-9878, CVE-2018-1199, CVE-2018-1270, CVE-2018-1271, CVE-2018-1272, CVE-2018-1275, CVE-2018-1257, CVE-2018-11039, CVE-2018-11040, CVE-2018-15756, CVE-2020-5421, CVE-2022-22950, CVE-2022-22968, CVE-2022-22970, CVE-2022-22971, CVE-2023-20861, CVE-2023-20863 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Spring Boot | CVE-2017-8046, CVE-2018-1196, CVE-2022-27772, CVE-2022-22965, CVE-2023-20873, CVE-2023-20883, CVE-2023-34055 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| SnakeYAML | CVE-2017-18640, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Webpack | CVE-2023-28154 | NVD - CVE-2023-28154 (nist.gov) |
| Loader-utils | CVE-2022-37599, CVE-2022-37601, CVE-2022-37603 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| http-cache-semantics | CVE-2022-25881 | NVD - CVE-2022-25881 (nist.gov) |
| json5 | CVE-2022-46175 | NVD - CVE-2022-46175 (nist.gov) |
| terser | CVE-2022-25858 | NVD - CVE-2022-25858 (nist.gov) |
| Moment | CVE-2022-31129 | NVD - CVE-2022-31129 (nist.gov) |
| Oracle Java 8u391 | CVE-2023-22025, CVE-2023-22067, CVE-2023-22081 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
影響を受ける製品と修復
| Product | Affected Version | Remediated Versions | Link |
|---|---|---|---|
| Dell Protection Advisor | Version 19.9 | Version 19.10 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| Integrated Data Protection Appliance (PowerProtect DP Series) | Version 2.7.6 | Version 2.7.6 with DPA 19.10 patch build 22 | Link to PowerProtect DP Series Software 2.7.6 https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers Link to DPA 19.10 patch build 22 https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers DPA out of band upgrade KB https://www.dell.com/support/kbdoc/en-ie/000205649/powerprotect-dp-series-appliance-and-idpa-steps-to-upgrade-dpa-or-data-protection-advisor-component-out-of-band-within-the-appliance |
| Product | Affected Version | Remediated Versions | Link |
|---|---|---|---|
| Dell Protection Advisor | Version 19.9 | Version 19.10 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| Integrated Data Protection Appliance (PowerProtect DP Series) | Version 2.7.6 | Version 2.7.6 with DPA 19.10 patch build 22 | Link to PowerProtect DP Series Software 2.7.6 https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers Link to DPA 19.10 patch build 22 https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers DPA out of band upgrade KB https://www.dell.com/support/kbdoc/en-ie/000205649/powerprotect-dp-series-appliance-and-idpa-steps-to-upgrade-dpa-or-data-protection-advisor-component-out-of-band-within-the-appliance |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Dell recommends that you always upgrade to the latest release/version for your product
- To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/en-us/.
変更履歴
| Revision | Date | Description |
| 1.0 | 2024-02-29 | Initial Release |
| 2.0 | 2024-04-02 | Added "Integrated Data Protection Appliance (PowerProtect DP Series)" product under "Affected Products and Remediation" section |
| 3.0 | 2024-04-04 | Updated for enhanced format presentation with no change to content |
関連情報
法的免責事項
対象製品
Data Protection Advisor, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security Information文書のプロパティ
文書番号: 000222618
文書の種類: Dell Security Advisory
最終更新: 09 9月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。