DSA-2026-024: Security Update for Dell NetWorker Multiple Third Party Component Vulnerabilities
Сводка: Dell NetWorker remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Влияние
Critical
Подробные сведения
| Third-party Component | CVEs | More Information |
| Angus Mail | CVE-2025-7962 | https://nvd.nist.gov/vuln/search |
| Apache Commons Configuration | CVE-2025-46392 | https://nvd.nist.gov/vuln/search |
| Apache Commons Lang | CVE-2025-48924 | https://nvd.nist.gov/vuln/search |
| Apache CXF | CVE-2024-29736, CVE-2024-32007, CVE-2025-23184, CVE-2024-41172, CVE-2025-48913 | https://nvd.nist.gov/vuln/search |
| Apache HttpClient | CVE-2020-13956, CVE-2014-3577, CVE-2015-5262, CVE-2012-5783 | https://nvd.nist.gov/vuln/search |
| Apache Tomcat | CVE-2025-31651, CVE-2025-31650, CVE-2025-48989 | https://nvd.nist.gov/vuln/search |
| FasterXML Jackson‑databind | CVE-2023-35116 | https://nvd.nist.gov/vuln/search |
| QOS.CH Logback | CVE-2025-11226 | https://nvd.nist.gov/vuln/search |
| Spring Framework | CVE-2025-41242, CVE-2025-41254, CVE-2025-22233, CVE-2025-41234 | https://nvd.nist.gov/vuln/search |
| Spring Security | CVE-2025-41248, CVE-2025-22228 | https://nvd.nist.gov/vuln/search |
Затронутые продукты и исправление
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| CVE-2024-29736, CVE-2024-32007, CVE-2025-23184, CVE-2024-41172, CVE-2020-13956, CVE-2014-3577, CVE-2015-5262, CVE-2012-5783, CVE-2023-35116, CVE-2025-7962, CVE-2025-48913, CVE-2025-11226, CVE-2025-41242, CVE-2025-41254, CVE-2025-22233, CVE-2025-41234, CVE-2025-48924, CVE-2025-46392, CVE-2025-41248, CVE-2025-22228 | NetWorker | NetWorker File-Level Recovery (FLR) | Versions 19.9 through 19.13.0.2 | Version 19.14 or later | NetWorker Downloads Area |
| CVE-2024-29736, CVE-2024-32007, CVE-2025-23184, CVE-2024-41172, CVE-2020-13956, CVE-2014-3577, CVE-2015-5262, CVE-2012-5783, CVE-2023-35116, CVE-2025-7962, CVE-2025-48913, CVE-2025-11226, CVE-2025-41242, CVE-2025-41254, CVE-2025-22233, CVE-2025-41234, CVE-2025-48924, CVE-2025-46392, CVE-2025-41248, CVE-2025-48989, CVE-2025-22228, CVE-2025-31651, CVE-2025-31650, CVE-2025-48989 | NetWorker | NetWorker vCenter User Interface (VCUI) | Versions 19.9 through 19.13.0.2 | Version 19.14 or later | NetWorker Downloads Area |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| CVE-2024-29736, CVE-2024-32007, CVE-2025-23184, CVE-2024-41172, CVE-2020-13956, CVE-2014-3577, CVE-2015-5262, CVE-2012-5783, CVE-2023-35116, CVE-2025-7962, CVE-2025-48913, CVE-2025-11226, CVE-2025-41242, CVE-2025-41254, CVE-2025-22233, CVE-2025-41234, CVE-2025-48924, CVE-2025-46392, CVE-2025-41248, CVE-2025-22228 | NetWorker | NetWorker File-Level Recovery (FLR) | Versions 19.9 through 19.13.0.2 | Version 19.14 or later | NetWorker Downloads Area |
| CVE-2024-29736, CVE-2024-32007, CVE-2025-23184, CVE-2024-41172, CVE-2020-13956, CVE-2014-3577, CVE-2015-5262, CVE-2012-5783, CVE-2023-35116, CVE-2025-7962, CVE-2025-48913, CVE-2025-11226, CVE-2025-41242, CVE-2025-41254, CVE-2025-22233, CVE-2025-41234, CVE-2025-48924, CVE-2025-46392, CVE-2025-41248, CVE-2025-48989, CVE-2025-22228, CVE-2025-31651, CVE-2025-31650, CVE-2025-48989 | NetWorker | NetWorker vCenter User Interface (VCUI) | Versions 19.9 through 19.13.0.2 | Version 19.14 or later | NetWorker Downloads Area |
Notes:
- The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Customers on any supported versions/releases listed in the ‘Affected Products and Remediation’ section can upgrade directly to the remediated 19.14 release. Version 19.13.0.3, released on February 20, 2026, is provided for environments or usage scenarios that require a lower remediated release.
- Unless specified as impacted, the term “later releases” encompasses all NetWorker releases, under standard support, that are of a higher minor or major version than the specified release. Dell recommends that you always upgrade to the latest release/version for your product.
- Platforms: Windows & Linux (All variants and flavors are impacted).
Временные решения и снижение риска
None
История изменений
| Revision | Date | Description |
| 1.0 | 2026-02-09 | Initial Release |
| 2.0 | 2026-02-12 | Minor update to map CVEs to the respective NetWorker components |
| 2.0 | 2026-03-11 | Minor update announcing the release of version 19.13.0.3. See the Additional Information section. |
Связанная информация
Правовая оговорка
Затронутые продукты
NetWorker Family, NetWorkerСвойства статьи
Номер статьи: 000425759
Тип статьи: Dell Security Advisory
Последнее изменение: 11 Mar 2026
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.