DSA-2025-075: Security Update for Dell Data Protection Advisor for Multiple Vulnerabilities

Summary: Dell Data Protection Advisor remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.


Impact

Critical

Details

| Third-party Component | CVEs | More Information |
|---|---|---|
| Apache Avro | CVE-2021-43045, CVE-2023-39410 | https://nvd.nist.gov/vuln/search |
| Apache commons collections | CVE-2015-7501 | https://nvd.nist.gov/vuln/search |
| Apache commons compress | CVE-2023-42503, CVE-2024-25710, CVE-2024-26308 | https://nvd.nist.gov/vuln/search |
| Apache Mina SSHD Common support utilities | CVE-2022-45047 | https://nvd.nist.gov/vuln/search |
| Apache Mina SSHD Core | CVE-2021-30129, CVE-2023-35887, CVE-2023-48795 | https://nvd.nist.gov/vuln/search |
| Apache Tomcat | CVE-2021-24122, CVE-2021-30640, CVE-2021-33037, CVE-2022-34305, CVE-2020-9484, CVE-2020-17527, CVE-2021-25122, CVE-2021-25329, CVE-2021-30639, CVE-2021-41079, CVE-2022-23181, CVE-2022-29885, CVE-2022-25762, CVE-2022-42252, CVE-2023-46589, CVE-2021-43980, CVE-2023-28708, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2024-21733 | https://nvd.nist.gov/vuln/search |
| Apache Velocity | CVE-2020-13936 | https://nvd.nist.gov/vuln/search |
| Apache Xerces | CVE-2022-23437 | https://nvd.nist.gov/vuln/search |
| Curl | CVE-2023-38545 | https://nvd.nist.gov/vuln/search |
| Dom4j | CVE-2020-10683 | https://nvd.nist.gov/vuln/search |
| Google-guava | CVE-2023-2976, CVE-2020-8908 | https://nvd.nist.gov/vuln/search |
| H2 Database Engine | CVE-2022-45868 | https://nvd.nist.gov/vuln/search |
| Java SE 8u421 | CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208 | https://nvd.nist.gov/vuln/search |
| Jboss REST Easy | CVE-2016-9606, CVE-2020-25633 | https://nvd.nist.gov/vuln/search |
| Jettison | CVE-2022-40149, CVE-2022-40150, CVE-2022-45685, CVE-2022-45693, CVE-2023-1436 | https://nvd.nist.gov/vuln/search |
| JGit | CVE-2023-4759 | https://nvd.nist.gov/vuln/search |
| Jsoup | CVE-2021-37714, CVE-2022-36033 | https://nvd.nist.gov/vuln/search |
| libcurl | CVE-2023-27537, CVE-2023-38039 | https://nvd.nist.gov/vuln/search |
| MySql Connector | CVE-2023-22102, CVE-2023-21971 | https://nvd.nist.gov/vuln/search |
| okHttp | CVE-2018-20200 | https://nvd.nist.gov/vuln/search |
| PostgreSQL driver | CVE-2024-1597 | https://nvd.nist.gov/vuln/search |
| Slf4j_ext | CVE-2018-8088 | https://nvd.nist.gov/vuln/search |
| SnakeYaml | CVE-2022-41854, CVE-2022-38750, CVE-2022-38751, CVE-2022-38749, CVE-2022-25857, CVE-2022-1471, CVE-2022-38752 | https://nvd.nist.gov/vuln/search |
| SSH | CVE-2023-46445, CVE-2023-46446 | https://nvd.nist.gov/vuln/search |
| Wildfly | CVE-2020-14338 | https://nvd.nist.gov/vuln/search |
| XML External Entity | CVE-2014-3530 | https://nvd.nist.gov/vuln/search |

 

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-46699 | Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |

 


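Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.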

Affected Products and Remediation

| Product | Affected Versions | Remediated Versions | Link to Update |
|---|---|---|---|
| Data Protection Advisor | Versions 19.9, 19.10 and 19.11 | Version 19.12 or later | Data Protection Advisor Downloads Area |

 


Notes:

  1. Dell recommends that you always upgrade to the latest release/version for your product.
  2. To request the workaround files that remove the affected OpenSSL-dependent libraries, or to receive assistance with applying the workaround, please contact Dell Customer Support.

Workarounds and Mitigations

CVE ID: CVE-2024-5535, CVE-2023-3446

Workaround and Mitigation:

Pre-requisites: 

  • This workaround applies to Dell Data Protection Advisor (DPA), version 19.11 and later.
  • The HP Disk Array and HP Virtual Tape Library (VTL) endpoints must not be actively monitored by DPA.
  • The script must be executed by a user with system access and privileges to perform operations such as read, execute and delete files or execute shell or batch scripts.
  • The absolute paths to the _install and _uninstall directories of DPA on the host’s file system must be prepared and noted in advance, as they will be required during script execution. 
  • The appropriate script file for your operating system has been downloaded. The script helps remove OpenSSL 1.0.2 dependent libraries affected by CVE-2024-5535 and CVE-2023-3446.
    • Linux: Unbundle_openssl_102_Libs_From_DPA.sh
    • Windows: Unbundle_Openssl_102_Libs_From_DPA.bat 
 

For Linux: 

  1. Extract UnbundleScript_Openssl_102_Libs.zip to a temporary folder, using either the gunzip or unzip command.
  2. Grant execute permission to the script using the following CLI command: 
     # chmod 0777 unbundle_openssl_102_Libs_From_DPA 
  3. Execute the script and, when prompted, provide the absolute path where the _install and _uninstall DPA folders are present. Example: </opt/emc/dpa/>.

Note: After execution, the script automatically removes libssl.so.1.0.0, libcrypto.so.1.0.0, dpaagent_modhparray, and dpaagent_modhpvls, and then exits.
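A post-workaround check for the Linux steps above, as an added example (not Dell's script and not part of the advisory): it looks under the DPA base directory for the four files the note lists, and for running processes that still map the removed libraries, since deleting a file does not unload it from a process that already loaded it. The function names and the optional proc-root argument are assumptions; the file names and the example path /opt/emc/dpa/ come from the advisory.

```shell
#!/bin/sh
# Added example (not Dell's script): confirm the files the advisory says the
# Linux workaround removes are gone. Function names are assumptions.

# Print any of the four named files still present under the DPA base directory.
dpa_openssl102_leftovers() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" \( -name 'libssl.so.1.0.0' -o -name 'libcrypto.so.1.0.0' \
        -o -name 'dpaagent_modhparray' -o -name 'dpaagent_modhpvls' \) -print
}

# Print PIDs that still map the old libraries from under the DPA base
# directory. $1 = DPA base directory, $2 = proc root (default /proc).
# Maps of processes owned by other users are unreadable unless run as root.
dpa_openssl102_mapped_pids() {
    base=${1%/}
    root=${2:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -E 'lib(ssl|crypto)\.so\.1\.0\.0' "$maps" 2>/dev/null \
            | grep -Fq "$base/"; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
    return 0
}

# Exit status: 0 = clean, 1 = files or mappings remain, 2 = could not check.
dpa_workaround_applied() {
    files=$(dpa_openssl102_leftovers "$1") || return 2
    pids=$(dpa_openssl102_mapped_pids "$1" "${2:-/proc}")
    [ -z "$files" ] || printf 'still on disk:\n%s\n' "$files" >&2
    [ -z "$pids" ] || printf 'still mapped by PID(s): %s\n' "$pids" >&2
    [ -z "$files" ] && [ -z "$pids" ]
}

# Usage: dpa_workaround_applied /opt/emc/dpa
```
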

 

 

For Windows: 

  1. Extract UnbundleScript_Openssl_102_Libs.zip to a temporary folder using 7Zip software or any Windows-supported zip software.
  2. Execute the script and when prompted, provide the absolute path where _install and _uninstall DPA folders are present. Example: <C:\Program Files\EMC\DPA>.
 

Note: After execution, the script automatically removes libeay32.dll, ssleay32.dll, dpaagent_modhparray.exe, and dpaagent_modhpvls.exe, and then exits.

 

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2025-02-06 | Initial Release |
| 2.0 | 2025-06-11 | Minor updates related to workaround and formatting |
| 3.0 | 2025-06-18 | Minor update related to workaround files availability |
| 4.0 | 2026-01-21 | Major update to include CVE-2025-46699 |

 

Related Information

Affected Products

Data Protection Advisor, Data Protection Suite Series

Article Properties

Article Number: 000281732
Article Type: Dell Security Advisory
Last Modified: 21 January 2026