Ga naar hoofdinhoud
  • Snel en eenvoudig bestellen
  • Bestellingen en de verzendstatus bekijken
  • Een lijst met producten maken en openen
  • Beheer uw Dell EMC locaties, producten en contactpersonen op productniveau met Company Administration.

Artikelnummer: 000189555


DSA-2021-147: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection Security Update for Multiple Vulnerabilities

Samenvatting: Dell EMC Data Protection Search and Dell EMC PowerProtect Data Protection remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Article content


Impact

High

Gegevens

 
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021-21601 Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
 
Third-party Component  CVEs More information
OpenSSL CVE-2020-1971 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Grub2 CVE-2020-14372
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233
SuSE CVE-2020-28374
CVE-2020-36158
CVE-2020-27825
CVE-2020-0466
CVE-2020-27068
CVE-2020-0465
CVE-2020-0444
CVE-2020-29660
CVE-2020-29661
CVE-2020-27777
CVE-2019-20934
CVE-2020-27786
CVE-2020-4788
CVE-2018-20669
Oracle JRE CVE-2020-14803
CVE-2020-14792
CVE-2020-14781
CVE-2020-14782
CVE-2020-14797
CVE-2020-14779
CVE-2020-14796
CVE-2020-14798
CVE-2020-14803
CVE-2021-2161
CVE-2021-2163
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA

https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA

https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA

 
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021-21601 Dell EMC Data Protection Search, versions 19.4 and earlier, and IDPA, versions 2.6.1 and earlier, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
 
Third-party Component  CVEs More information
OpenSSL CVE-2020-1971 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Grub2 CVE-2020-14372
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233
SuSE CVE-2020-28374
CVE-2020-36158
CVE-2020-27825
CVE-2020-0466
CVE-2020-27068
CVE-2020-0465
CVE-2020-0444
CVE-2020-29660
CVE-2020-29661
CVE-2020-27777
CVE-2019-20934
CVE-2020-27786
CVE-2020-4788
CVE-2018-20669
Oracle JRE CVE-2020-14803
CVE-2020-14792
CVE-2020-14781
CVE-2020-14782
CVE-2020-14797
CVE-2020-14779
CVE-2020-14796
CVE-2020-14798
CVE-2020-14803
CVE-2021-2161
CVE-2021-2163
https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA

https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA

https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA

Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

Product Affected Versions Updated Versions Link to Update
Dell EMC Data Protection Search Versions before 19.5 19.5 https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip
 
Dell EMC Integrated Data Protection Appliance Versions before 2.7

2.7
Expected release date August 2021.  
Product Affected Versions Updated Versions Link to Update
Dell EMC Data Protection Search Versions before 19.5 19.5 https://dl.dell.com/downloads/DL104088_Search-19.5.0-upgrade-package.zip
 
Dell EMC Integrated Data Protection Appliance Versions before 2.7

2.7
Expected release date August 2021.  

Tijdelijke oplossingen en beperkingen

None.

Revisiegeschiedenis

RevisionDateDescription
1.02021-07-22Initial Release
1.12021-11-03Updated Product Tagging

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Artikeleigenschappen


Getroffen product

Data Protection Search, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security Information

Datum laatst gepubliceerd

04 nov 2021

Versie

4

Artikeltype

Dell Security Advisory