Impact
High
Gegevens
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2021-43588 |
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. |
4.3 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| CVE-2021-36349 |
Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. |
4.3 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Third-party Component |
CVEs |
More information |
| ntp |
CVE-2016-9310 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Apache CXF |
CVE-2021-30468 |
| CVE-2021-22696 |
| CVE-2020-13954 |
| OpenSSL |
CVE-2021-3712 |
| Apache HttpClient |
CVE-2014-3577 |
| CVE-2012-5783 |
| CVE-2020-13956 |
| CVE-2015-5262 |
| CVE-2012-6153 |
| Spring Framework |
CVE-2021-22118 |
| Cron-utils |
CVE-2020-26238 |
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2021-43588 |
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. |
4.3 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| CVE-2021-36349 |
Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. |
4.3 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Third-party Component |
CVEs |
More information |
| ntp |
CVE-2016-9310 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Apache CXF |
CVE-2021-30468 |
| CVE-2021-22696 |
| CVE-2020-13954 |
| OpenSSL |
CVE-2021-3712 |
| Apache HttpClient |
CVE-2014-3577 |
| CVE-2012-5783 |
| CVE-2020-13956 |
| CVE-2015-5262 |
| CVE-2012-6153 |
| Spring Framework |
CVE-2021-22118 |
| Cron-utils |
CVE-2020-26238 |
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.
Getroffen producten en herstel
| Product |
Affected Versions |
Updated Versions |
Link to Update |
| Dell EMC Data Protection Central |
Versions before 19.6 |
19.6 |
Link |
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) |
Versions before 2.7.2 |
2.7.2 |
|
| Product |
Affected Versions |
Updated Versions |
Link to Update |
| Dell EMC Data Protection Central |
Versions before 19.6 |
19.6 |
Link |
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) |
Versions before 2.7.2 |
2.7.2 |
|
Revisiegeschiedenis
| Revision | Date | Description |
| 1.0 | 2021/01/10 | Initial Release |
| 1.1 | 2021/01/21 | Corrected CVE Identifier |
| 1.2 | 2022-03-02 | Added Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) as affected product |
Verwante informatie
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide