DSA-2023-416: Security Update for Dell PowerProtect DP Series Appliance (IDPA) Infrastructure for Multiple Vulnerabilities.

Resumo: Dell PowerProtect DP Series Appliance (IDPA) remediation is available for multiple security vulnerabilities in Infrastructure that could be exploited by malicious users to compromise the affected system. ...

Este artigo aplica-se a Este artigo não se aplica a Este artigo não está vinculado a nenhum produto específico. Nem todas as versões do produto estão identificadas neste artigo.
Confira outros recursos

Impacto

Critical

Dados

Third-party Component

CVEs

More Information

VMWare (Hypervisor and Hypervisor Manager) 

CVE-2023-38408, CVE-2021-36368, CVE-2023-20892, CVE-2023-20893, CVE-2023-2089 , CVE-2023-20895, CVE-2023-20896, CVE-2022-22982, CVE-2022-31696, CVE-2022-31699, CVE-2021-21972, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373, CVE-2022-31681, CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050, CVE-2022-22948, CVE-2023-34048, CVE-2023-34056, CVE-2023-20894 

See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

Dell iDRAC 

CVE-2022-34435 

DSA-2022-265

OpenSSL

CVE-2023-0215, CVE-2022-2068, CVE-2022-1292 

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Oracle Java 

CVE-2023-21835, CVE-2023-21830, CVE-2023-21843, CVE-2022-39399, CVE-2022-34169, CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-21624, CVE-2022-21619, CVE-2022-21541, CVE-2022-21540, CVE-2022-21549, CVE‑2022‑39399, CVE‑2022‑34169, CVE‑2022‑21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-21624, CVE-2022-21619, CVE-2022-21541, CVE-2022-21540, CVE-2022-21549

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

OpenLDAP

CVE-1999-0385 

https://nvd.nist.gov/vuln/detail/CVE-1999-0385 This hyperlink is taking you to a website outside of Dell Technologies.

OpenSSH

CVE-2008-5161 

https://www.suse.com/security/cve/CVE-2008-5161.htmlThis hyperlink is taking you to a website outside of Dell Technologies.

Apache Tomcat 

CVE-2022-45143, CVE-2022-42252, CVE-2022-34305, CVE-2022-29885, CVE-2021-43980, CVE-2021-30640 

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

Grub2 

CVE-2022-2601, CVE-2022-3775, CVE-2021-3695, CVE-2021- 3696, CVE-2021-3697, CVE-2021-3981 

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Apache Log4j 

CVE-2021-44228, CVE-2021-45046 

Apache Log4j Remote Code ExecutionThis hyperlink is taking you to a website outside of Dell Technologies.

Erlang 

CVE-2022-37026 

https://nvd.nist.gov/vuln/detail/CVE-2022-37026This hyperlink is taking you to a website outside of Dell Technologies.

SUSE 

CVE-2022-0413, CVE-2022-0318, CVE-2021-4019, CVE-2022-2284, CVE-2022-0361, CVE-2022-1679, CVE-2020-0452, CVE-2022-1652, CVE-2022-1619, CVE-2022-0492, CVE-2022-0359, CVE-2017-17095, CVE-2022-24903, CVE-2022-2207, CVE-2022-1927, CVE-2022-2304, CVE-2021-4197, CVE-2022-27239, CVE-2022-1304, CVE-2022-2129, CVE-2022-2264, CVE-2022-29155, CVE-2022-2124, CVE-2022-0261, CVE-2022-1851, CVE-2022-2126, CVE-2022-2183, CVE-2022-1720, CVE-2021-4157, CVE-2022-2344, CVE-2020-35523, CVE-2021-3927, CVE-2022-2175, CVE-2021-4069, CVE-2021-4192, CVE-2022-23219, CVE-2021-4136, CVE-2021-4202, CVE-2022-0407, CVE-2022-1381, CVE-2022-0213, CVE-2021-30560, CVE-2021-3778, CVE-2022-2210, CVE-2022-0435, CVE-2022-2257, CVE-2022-1898, CVE-2022-2206, CVE-2021-43527, CVE-2022-25235, CVE-2022-23218, CVE-2021-20292, CVE-2022-20141, CVE-2022-0128, CVE-2022-0847, CVE-2021-3973, CVE-2021-3796, CVE-2022-2286, CVE-2022-1796, CVE-2022-1968, CVE-2022-1735, CVE-2021-3984, CVE-2021-3968, CVE-2022-1048, CVE-2021-39713, CVE-2021-4083, CVE-2020-35524, CVE-2022-2182, CVE-2021-45078, CVE-2022-2343, CVE-2022-2345, CVE-2022-1897, CVE-2021-0920, CVE-2022-2125, CVE-2022-0392, CVE-2022-25315, CVE-2022-25236, CVE-2022-23852, CVE-2022-24407, CVE-2022-2285, CVE-2019-17546, CVE-2021-3872, CVE-2021-0935, CVE-2021-3974, CVE-2022-1616, CVE-2022-2795, CVE-2022-38177, CVE-2023-38545, CVE-2023-38546

See SUSE link below for individual scores for each CVE. 
https://www.suse.com/security/cve/This hyperlink is taking you to a website outside of Dell Technologies.
Intel Ethernet 500 Series Controllers Firmware CVE-2022-36416, CVE-2022-36797 DSA-2023-016

A Dell Technologies recomenda que todos os clientes levem em consideração a pontuação base CVSS e as pontuações temporais e ambientais pertinentes que possam afetar a gravidade potencial associada a uma vulnerabilidade de segurança específica.

Produtos afetados e soluções

Product

Affected Versions

Remediated Versions 

Link 

Integrated Data Protection Appliance (PowerProtect DP Series)

2.7.4 and prior 

2.7.6 

https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers

Product

Affected Versions

Remediated Versions 

Link 

Integrated Data Protection Appliance (PowerProtect DP Series)

2.7.4 and prior 

2.7.6 

https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers
Link to PowerProtect DP Series Installation and Upgrade guide 
Dell EMC PowerProtect DP Series Appliance 2.7.6 Installation and Upgrade Guide 
 
NOTE: IDPA versions prior to 2.7.6 use an obsolete Operating System for ACM and DPA components. IDPA 2.7.6 has updated the Operating Systems of ACM and DPA components to a supported version.

Histórico de revisão

RevisionDateDescription
1.02023-23-21Initial release
2.02024-01-09Moved Installation & Upgrade guide to Additional Information section.
3.02024-01-09Updated 'More Information' column for Dell iDRAC & Apache Log4j
4.0-5.02024-01-09Added CVE-2023-38545, CVE-2023-38546 to SUSE Component
6.02024-01-22Updated for enhanced presentation with no changes to content.
7.02024-03-08Added CVE-2023-20894 to VMWare (Hypervisor and Hypervisor Manager) Component
8.02024-07-12Added Intel Ethernet 500 Series Controllers Firmware CVEs.

Informações relacionadas

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Aviso de isenção legal

Produtos afetados

PowerProtect Data Protection Appliance, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software
Propriedades do artigo
Número do artigo: 000220651
Tipo de artigo: Dell Security Advisory
Último modificado: 19 set. 2025
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.