DSA-2021-125: Dell EMC NetWorker Security Update for Multiple Vulnerabilities
Samenvatting: Dell EMC NetWorker remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
Medium
Gegevens
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21600 | Dell NetWorker 19.4 or earlier contains an uncontrolled resource consumption flaw in its API service. An authorized API user may potentially exploit this vulnerability using the web and desktop user interfaces, leading to denial of service in the manageability path. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Third-Party Component | CVEs | More Information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Apache Tomcat | CVE-2020-1935 | |
| CVE-2021-24122 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21600 | Dell NetWorker 19.4 or earlier contains an uncontrolled resource consumption flaw in its API service. An authorized API user may potentially exploit this vulnerability using the web and desktop user interfaces, leading to denial of service in the manageability path. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Third-Party Component | CVEs | More Information |
| OpenSSL | CVE-2020-1971 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Apache Tomcat | CVE-2020-1935 | |
| CVE-2021-24122 |
Getroffen producten en herstel
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-21600 | Dell EMC NetWorker | 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x prior to 19.4.0.4. |
|
https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| CVE-2020-1971 | 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x. | 19.5.0 and later. | ||
| CVE-2020-1935 | ||||
| CVE-2021-24122 |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-21600 | Dell EMC NetWorker | 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x prior to 19.4.0.4. |
|
https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| CVE-2020-1971 | 18.x, 19.1.x, 19.2.x 19.3.x, and 19.4.x. | 19.5.0 and later. | ||
| CVE-2020-1935 | ||||
| CVE-2021-24122 |
Revisiegeschiedenis
| Revision | Date | Description |
| 1.0 | 2021-07-20 | Initial Release |
| 1.1 | 2021-09-02 | Updated "Affected Products and Remediation" Section |
Bevestigingen
CVE-2021-21600: Dell Technologies would like to thank J-M Roth for reporting this issue.
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
NetWorker, Product Security InformationArtikeleigenschappen
Artikelnummer: 000189694
Artikeltype: Dell Security Advisory
Laatst aangepast: 02 sep. 2021
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.