DSA-2024-279: Security Update for Data Protection Advisor for Multiple Vulnerabilities
요약: Data Protection Advisor remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Critical
세부 정보
| Third-party Component | CVEs | More Information |
|---|---|---|
|
Oracle Java SE (JRE8u411) |
CVE-2024-21892, CVE-2023-41993, CVE-2024-20954, CVE-2024-21098, CVE-2024-21085, CVE-2024-21011, CVE-2024-21068, CVE-2024-21094, CVE-2024-21012, CVE-2024-21003, CVE-2024-21005, CVE-2024-21002, CVE-2024-21004 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
|
jackson-databind |
CVE-2020-25649, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004, CVE-2021-46877, CVE-2023-35116 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-28974 | Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-28974 | Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
영향을 받는 제품 및 문제 해결
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-21892, CVE-2023-41993, CVE-2024-20954, CVE-2024-21098, CVE-2024-21085, CVE-2024-21011, CVE-2024-21068, CVE-2024-21094, CVE-2024-21012, CVE-2024-21003, CVE-2024-21005, CVE-2024-21002, CVE-2024-21004, CVE-2024-28974, CVE-2020-25649, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004, CVE-2021-46877, CVE-2023-35116 | Dell Protection Advisor | Versions 19.7,19.8,19.9 and 19.10 | Version Data Protection Advisor Agent 19.10 - Build 46 |
https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| CVE-2024-21892, CVE-2023-41993, CVE-2024-20954, CVE-2024-21098, CVE-2024-21085, CVE-2024-21011, CVE-2024-21068, CVE-2024-21094, CVE-2024-21012, CVE-2024-21003, CVE-2024-21005, CVE-2024-21002, CVE-2024-21004, CVE-2024-28974, CVE-2020-25649, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004, CVE-2021-46877, CVE-2023-35116 | Dell PowerProtect DP Series Appliance (Integrated Data Protection Appliance) | Versions 2.7.0 through 2.7.6 | Version IDPA 2.7.7 | https://dl.dell.com/downloads/NGXWR_PowerProtect-DP-Series-IDPA-2.7.7-Upgrade-for-DP4400-and-DP5900-Appliances.gz |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-21892, CVE-2023-41993, CVE-2024-20954, CVE-2024-21098, CVE-2024-21085, CVE-2024-21011, CVE-2024-21068, CVE-2024-21094, CVE-2024-21012, CVE-2024-21003, CVE-2024-21005, CVE-2024-21002, CVE-2024-21004, CVE-2024-28974, CVE-2020-25649, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004, CVE-2021-46877, CVE-2023-35116 | Dell Protection Advisor | Versions 19.7,19.8,19.9 and 19.10 | Version Data Protection Advisor Agent 19.10 - Build 46 |
https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| CVE-2024-21892, CVE-2023-41993, CVE-2024-20954, CVE-2024-21098, CVE-2024-21085, CVE-2024-21011, CVE-2024-21068, CVE-2024-21094, CVE-2024-21012, CVE-2024-21003, CVE-2024-21005, CVE-2024-21002, CVE-2024-21004, CVE-2024-28974, CVE-2020-25649, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004, CVE-2021-46877, CVE-2023-35116 | Dell PowerProtect DP Series Appliance (Integrated Data Protection Appliance) | Versions 2.7.0 through 2.7.6 | Version IDPA 2.7.7 | https://dl.dell.com/downloads/NGXWR_PowerProtect-DP-Series-IDPA-2.7.7-Upgrade-for-DP4400-and-DP5900-Appliances.gz |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Dell recommends that you always upgrade to the latest release/version for your product.
- To schedule platform security patch installation, or to upgrade your server or for upgrade of other Appliance Models (not DP4400 or DP5900) kindly contact DELL Customer Support at https://www.dell.com/support/home/en-us/
개정 내역
| Revision | Date | Description |
| 1.0 | 2024-06-27 | Initial Release |
| 2.0 | 2024-07-04 | Updated for enhanced format presentation with no change to content |
| 3.0 | 2024-10-07 | Updated "AFFECTED PRODUCTS AND REMEDIATION" section as Version IDPA 2.7.7 is released |
| 4.0 | 2024-10-08 | Updated Note in Affected Products and Remediation Section |
관련 정보
법적 고지 사항
해당 제품
PowerProtect Data Protection Appliance, Data Protection Advisor, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software
, Product Security Information
...
문서 속성
문서 번호: 000226456
문서 유형: Dell Security Advisory
마지막 수정 시간: 09 9월 2025
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.