Ga naar hoofdinhoud
  • Snel en eenvoudig bestellen
  • Bestellingen en de verzendstatus bekijken
  • Een lijst met producten maken en openen
  • Beheer uw Dell EMC locaties, producten en contactpersonen op productniveau met Company Administration.

Artikelnummer: 000195103


DSA-2021-262: Dell EMC Data Protection Central Security Update for Multiple Security Vulnerabilities

Samenvatting: Dell EMC Data Protection Central and Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Article content


Impact

High

Gegevens

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-43588 Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-36349 Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 
Third-party Component CVEs More information
ntp CVE-2016-9310 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Apache CXF CVE-2021-30468
CVE-2021-22696
CVE-2020-13954
OpenSSL CVE-2021-3712
Apache HttpClient CVE-2014-3577
CVE-2012-5783
CVE-2020-13956
CVE-2015-5262
CVE-2012-6153
Spring Framework CVE-2021-22118
Cron-utils CVE-2020-26238
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-43588 Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-36349 Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 
Third-party Component CVEs More information
ntp CVE-2016-9310 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Apache CXF CVE-2021-30468
CVE-2021-22696
CVE-2020-13954
OpenSSL CVE-2021-3712
Apache HttpClient CVE-2014-3577
CVE-2012-5783
CVE-2020-13956
CVE-2015-5262
CVE-2012-6153
Spring Framework CVE-2021-22118
Cron-utils CVE-2020-26238
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

Product Affected Versions Updated Versions Link to Update
Dell EMC Data Protection Central Versions before 19.6 19.6 Link
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series)
 
Versions before 2.7.2 2.7.2  
Product Affected Versions Updated Versions Link to Update
Dell EMC Data Protection Central Versions before 19.6 19.6 Link
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series)
 
Versions before 2.7.2 2.7.2  

Revisiegeschiedenis

RevisionDateDescription
1.02021/01/10Initial Release
1.12021/01/21Corrected CVE Identifier
1.22022-03-02Added Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) as affected product

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Artikeleigenschappen


Getroffen product
Data Protection Central, PowerProtect DP4400, Data Protection Central, PowerProtect DP5300, PowerProtect DP5800, PowerProtect DP8300, PowerProtect DP8800, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family , PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, PowerProtect DD6400, PowerProtect DP5900, PowerProtect DP8400, PowerProtect DP8900, Product Security Information ...
Datum laatst gepubliceerd

02 mrt 2022

Versie

4

Artikeltype

Dell Security Advisory