DSA-2022-107: Dell Data Protection Advisor Security Update for Stored Cross Site Scripting Vulnerability
Resumo: Dell Data Protection Advisor (DPA) remediation is available for the Stored Cross Site Scripting Vulnerability that may be exploited by malicious users to compromise affected systems.
Este artigo aplica-se a
Este artigo não se aplica a
Este artigo não está vinculado a nenhum produto específico.
Nem todas as versões do produto estão identificadas neste artigo.
Impacto
Medium
Dados
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-33935 | Dell Data Protection Advisor versions 19.6 and earlier contains a Stored Cross Site Scripting vulnerability. An attacker may potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the web browser runs the malicious code in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-33935 | Dell Data Protection Advisor versions 19.6 and earlier contains a Stored Cross Site Scripting vulnerability. An attacker may potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the web browser runs the malicious code in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Produtos afetados e soluções
| Product | Affected Versions | Updated Version | Link to Update |
| Data Protection Advisor |
19.6 and earlier |
19.7 Build B4 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| PowerProtect DP Series Appliance (IDPA) | IDPA 2.7.3 and earlier | IDPA 2.7.2 or IDPA 2.7.3 with DP Advisor 19.8 Build B33 patch |
Steps to upgrade: PowerProtect DP Series Appliance and IDPA: Steps to upgrade DPA or Data Protection Advisor component out of band within the appliance |
| Product | Affected Versions | Updated Version | Link to Update |
| Data Protection Advisor |
19.6 and earlier |
19.7 Build B4 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| PowerProtect DP Series Appliance (IDPA) | IDPA 2.7.3 and earlier | IDPA 2.7.2 or IDPA 2.7.3 with DP Advisor 19.8 Build B33 patch |
Steps to upgrade: PowerProtect DP Series Appliance and IDPA: Steps to upgrade DPA or Data Protection Advisor component out of band within the appliance |
Histórico de revisão
| Revision | Date | Description |
| 1.0 | 2022-07-25 | Initial Release |
| 2.0 | 2023-03-06 | Added PowerProtect DP Series Appliance (IDPA) to Affected Products and Remediation section. |
| 3.0 | 2023-03-13 | Made some minor changes to links under "Link to Updates column" and Updated the "Affected Products" section under "Article Properties" |
| 4.0 | 2023-03-14 | Made changes to IDPA product-> "Link to Update" column |
| 5.0 | 2023-04-03 | Made changes to "Updated Version" & "Link to update" columns under "Affected Products and Remediation" section |
Informações relacionadas
Aviso de isenção legal
Produtos afetados
PowerProtect Data Protection Appliance, Data Protection Advisor, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security InformationPropriedades do artigo
Número do artigo: 000201824
Tipo de artigo: Dell Security Advisory
Último modificado: 19 set. 2025
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.