DSA-2025-071: Security update for Dell Avamar for Multiple Component Vulnerabilities.
요약: Dell Avamar remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Critical
세부 정보
|
Third-party Component |
CVEs |
More Information |
|
The FreeType Project |
CVE-2022-27404, CVE-2017-10672 |
See NVD link below for individual scores for each CVE. |
|
Dozer |
CVE-2014-9515 |
|
|
OpenSSH |
CVE-2023-38408 |
|
|
Curl |
CVE-2018-0500, CVE-2018-14618, CVE-2018-16839, CVE-2018-16842, CVE-2019-3822, CVE-2019-5481 |
See NVD link below for individual scores for each CVE. |
|
jackson-databind |
CVE-2019-14379, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-8840, CVE-2020-9547, CVE-2020-9548, CVE-2020-10672, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-14061, CVE-2020-14062, CVE-2020-14060, CVE-2020-14195, CVE-2020-25649 |
See NVD link below for individual scores for each CVE. |
|
POCO C++ Libraries |
CVE-2023-52389, CVE-2017-1000472 |
See NVD link below for individual scores for each CVE. |
|
mailx |
CVE-2014-7844 |
|
|
OpenSSL |
CVE-2011-4109 |
|
|
file |
CVE-2019-18218 |
|
|
TestNG |
CVE-2022-4065 |
|
|
Linux Kernel |
CVE-2017-1000112 |
|
|
Cyrus SASL |
CVE-2019-19906, CVE-2022-24407, CVE-2013-4122 |
See NVD link below for individual scores for each CVE. |
|
libffi |
CVE-2017-1000376 |
|
|
Gstreamer |
CVE-2021-3497, CVE-2021-3498, CVE-2022-1924, CVE-2022-1920, CVE-2022-1921, CVE-2022-1925, CVE-2022-2122, CVE-2021-3522, CVE-2006-4339, CVE-2022-1922, CVE-2022-1923 |
See NVD link below for individual scores for each CVE. |
|
e2fsprogs |
CVE-2019-5188 |
|
|
elfutils |
CVE-2018-18520 |
|
|
JBIG-KIT lossless image compression library 2 |
CVE-2013-6369 |
|
|
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server |
CVE-2021-34429 |
|
|
libpng |
CVE-2019-7317 |
|
|
LibYAML |
CVE-2014-9130 |
|
|
mutt |
CVE-2022-1328 |
|
|
OpenSC |
CVE-2018-16391 |
|
|
libgcrypt |
CVE-2018-0495 |
|
|
pypi/setuptools |
CVE-2022-40897 |
|
|
RPM |
CVE-2021-35939 |
|
|
util-linux |
CVE-2022-0563 |
|
|
Apache James MIME4J |
CVE-2022-45787 |
|
|
Network Time Protocol project (NTP) |
CVE-2023-26555 |
|
|
Readline |
CVE-2014-2524 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-21117 |
Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user. |
6.6 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-21117 |
Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user. |
6.6 |
영향을 받는 제품 및 문제 해결
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|
Dell Avamar Data Store Gen5A, Gen4T |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/TCM61_Avamar-19.12-for-Server-and-AVE-Upgrades.avp |
|
Avamar Virtual Edition for VMware ESXi and vSphere |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/1GK63_Avamar-19.12-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z |
|
Avamar Virtual Edition for VMware vSphere only |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/KF9JJ_Avamar-19.12-Virtual-Edition-for-VMware-vSphere-only.ova |
|
Avamar Virtual Edition for Hyper-V 2012 |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/5X67J_Avamar-19.12-Virtual-Edition-for-Hyper-V-2012.7z |
|
Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
|
|
Avamar Virtual Edition for KVM/Open Stack KVM |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/0CJC4_Avamar-19.12-Virtual-Edition-for-KVM-OpenStack-KVM.7z |
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|
Dell Avamar Data Store Gen5A, Gen4T |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/TCM61_Avamar-19.12-for-Server-and-AVE-Upgrades.avp |
|
Avamar Virtual Edition for VMware ESXi and vSphere |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/1GK63_Avamar-19.12-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z |
|
Avamar Virtual Edition for VMware vSphere only |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/KF9JJ_Avamar-19.12-Virtual-Edition-for-VMware-vSphere-only.ova |
|
Avamar Virtual Edition for Hyper-V 2012 |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/5X67J_Avamar-19.12-Virtual-Edition-for-Hyper-V-2012.7z |
|
Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
|
|
Avamar Virtual Edition for KVM/Open Stack KVM |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/0CJC4_Avamar-19.12-Virtual-Edition-for-KVM-OpenStack-KVM.7z |
- The CVEs remedied by this security update are listed. The list not only have the new CVEs remedied by this update, but all the past CVEs included in this cumulative update. Due to dependencies on the above fixes, it cannot be backported.
- The OS Rollup 2024 R3 CVE is included in the 19.12 release. For further information on the OS Rollup 2024 R3 see. DSA-2024-433
- Dell recommends that you always upgrade to the latest release/version for your product.
- To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/product-support/product/avamar/drivers
- CVE-2014-9515 corresponding to Dozer Third Party Component is also remediated as a part of Version 19.10 SP1 corresponding to DSA-2024-280
개정 내역
|
Revision |
Date |
Description |
|
1.0 |
2025-02-05 |
Initial Release |
관련 정보
법적 고지 사항
해당 제품
Avamar, Avamar Client, Avamar Client for VMware, Avamar Client for Windows, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Desktop/Laptop Option, Avamar Plug-in for Hyper-V VSS, Avamar Plug-in for NDMP, Avamar Server
, Avamar Virtual Edition
...
문서 속성
문서 번호: 000281275
문서 유형: Dell Security Advisory
마지막 수정 시간: 09 9월 2025
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.