DSA-2025-258: Security Update for Dell NetWorker Multiple Third-Party Component Vulnerabilities
Resumo: Dell NetWorker remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Este artigo aplica-se a
Este artigo não se aplica a
Este artigo não está vinculado a nenhum produto específico.
Nem todas as versões do produto estão identificadas neste artigo.
Impacto
Critical
Dados
| Third-party Component | CVEs | More Information |
| Apache CXF | CVE-2024-28752 | https://nvd.nist.gov/vuln/search |
| LogBack | CVE-2023-6378, CVE-2023-6481 | https://nvd.nist.gov/vuln/search |
| Spring Boot | CVE-2023-20873, CVE-2023-20883, CVE-2023-34055 | https://nvd.nist.gov/vuln/search |
| Spring Framework | CVE-2024-38819, CVE-2024-38828, CVE-2023-20860, CVE-2024-22262, CVE-2024-22243, CVE-2024-22259, CVE-2023-20861, CVE-2023-20863 | https://nvd.nist.gov/vuln/search |
| Spring Security | CVE-2023-34034, CVE-2023-20862, CVE-2023-34035, CVE-2024-22257 | https://nvd.nist.gov/vuln/search |
Produtos afetados e soluções
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| NetWorker |
NetWorker Web UI File Level Recovery (FLR) NetWorker Authentication Server NetWorker vCenter User Interface (VCUI) NetWorker RESTAPI |
Versions prior to 19.13 | Version 19.13 or later | NetWorker Downloads Area |
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| NetWorker |
NetWorker Web UI File Level Recovery (FLR) NetWorker Authentication Server NetWorker vCenter User Interface (VCUI) NetWorker RESTAPI |
Versions prior to 19.13 | Version 19.13 or later | NetWorker Downloads Area |
Notes:
- The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Versions prior to 19.13 means 19.12.x, 19.11.x, 19.10.x, 19.9.x, 19.8.x, 19.7.x, 19.6.x, 19.5.x, and 19.4.x family of releases that are still under standard support. For more information on Dell End-of-Life Documents for converged infrastructure, midrange and enterprise storage, and storage networking products refer to Dell End-of-Life Product List for Converged Infrastructure and Storage.
- The security advisory addresses vulnerabilities remediated in Dell NetWorker, version 19.13 or later, through the Oracle JDK 17 upgrade. Earlier versions, 19.12.x, 19.11.x, and 19.10.x, do not include this upgrade.
- Unless specified as impacted, the term “later releases” encompasses all NetWorker releases, under standard support, that are of a higher minor or major version than the specified release. Dell recommends that you always upgrade to the latest release/version for your product.
- Platforms: Windows & Linux (All variants and flavors are impacted).
Soluções temporárias e atenuações
None
Histórico de revisão
| Revision | Date | Description |
| 1.0 | 2025-06-30 | Initial Release |
| 2.0 | 2025-08-19 | Updated the 'Affected and Remediated Versions' and 'Additional Information' sections |
Informações relacionadas
Aviso de isenção legal
Produtos afetados
NetWorker FamilyPropriedades do artigo
Número do artigo: 000338043
Tipo de artigo: Dell Security Advisory
Último modificado: 19 ago. 2025
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.