DSA-2024-107: Security Update for Data Protection Advisor Multiple Vulnerabilities.
Zhrnutie: Data Protection Advisor remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Tento článok sa vzťahuje na
Tento článok sa nevzťahuje na
Tento článok nie je viazaný na žiadny konkrétny produkt.
V tomto článku nie sú uvedené všetky verzie produktov.
Dosah
Critical
Podrobnosti
| Third-party Component | CVEs | More Information |
|---|---|---|
| Apache Tomcat | CVE-2016-6816, CVE-2016-8735, CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651, CVE-2017-5664, CVE-2016-6817, CVE-2016-8745, CVE-2017-7674, CVE-2017-7675, CVE-2017-12617, CVE-2018-1305, CVE-2018-1304, CVE-2018-8014, CVE-2018-8034, CVE-2018-1336, CVE-2018-8037, CVE-2018-11784, CVE-2019-0199, CVE-2019-0232, CVE-2019-2684, CVE-2019-0221, CVE-2019-10072, CVE-2019-17563, CVE-2019-12418, CVE-2020-1935, CVE-2020-1938, CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-13943, CVE-2021-30640, CVE-2021-33037, CVE-2021-43980, CVE-2023-28708, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
| Spring Framework | CVE-2016-9878, CVE-2018-1199, CVE-2018-1270, CVE-2018-1271, CVE-2018-1272, CVE-2018-1275, CVE-2018-1257, CVE-2018-11039, CVE-2018-11040, CVE-2018-15756, CVE-2020-5421, CVE-2022-22950, CVE-2022-22968, CVE-2022-22970, CVE-2022-22971, CVE-2023-20861, CVE-2023-20863 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Spring Boot | CVE-2017-8046, CVE-2018-1196, CVE-2022-27772, CVE-2022-22965, CVE-2023-20873, CVE-2023-20883, CVE-2023-34055 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| SnakeYAML | CVE-2017-18640, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Webpack | CVE-2023-28154 | NVD - CVE-2023-28154 (nist.gov) |
| Loader-utils | CVE-2022-37599, CVE-2022-37601, CVE-2022-37603 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| http-cache-semantics | CVE-2022-25881 | NVD - CVE-2022-25881 (nist.gov) |
| json5 | CVE-2022-46175 | NVD - CVE-2022-46175 (nist.gov) |
| terser | CVE-2022-25858 | NVD - CVE-2022-25858 (nist.gov) |
| Moment | CVE-2022-31129 | NVD - CVE-2022-31129 (nist.gov) |
| Oracle Java 8u391 | CVE-2023-22025, CVE-2023-22067, CVE-2023-22081 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
Dotknuté produkty a riešenie problému
| Product | Affected Version | Remediated Versions | Link |
|---|---|---|---|
| Dell Protection Advisor | Version 19.9 | Version 19.10 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| Integrated Data Protection Appliance (PowerProtect DP Series) | Version 2.7.6 | Version 2.7.6 with DPA 19.10 patch build 22 | Link to PowerProtect DP Series Software 2.7.6 https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers Link to DPA 19.10 patch build 22 https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers DPA out of band upgrade KB https://www.dell.com/support/kbdoc/en-ie/000205649/powerprotect-dp-series-appliance-and-idpa-steps-to-upgrade-dpa-or-data-protection-advisor-component-out-of-band-within-the-appliance |
| Product | Affected Version | Remediated Versions | Link |
|---|---|---|---|
| Dell Protection Advisor | Version 19.9 | Version 19.10 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| Integrated Data Protection Appliance (PowerProtect DP Series) | Version 2.7.6 | Version 2.7.6 with DPA 19.10 patch build 22 | Link to PowerProtect DP Series Software 2.7.6 https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers Link to DPA 19.10 patch build 22 https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers DPA out of band upgrade KB https://www.dell.com/support/kbdoc/en-ie/000205649/powerprotect-dp-series-appliance-and-idpa-steps-to-upgrade-dpa-or-data-protection-advisor-component-out-of-band-within-the-appliance |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Dell recommends that you always upgrade to the latest release/version for your product
- To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/en-us/.
História revízií
| Revision | Date | Description |
| 1.0 | 2024-02-29 | Initial Release |
| 2.0 | 2024-04-02 | Added "Integrated Data Protection Appliance (PowerProtect DP Series)" product under "Affected Products and Remediation" section |
| 3.0 | 2024-04-04 | Updated for enhanced format presentation with no change to content |
Súvisiace informácie
Legal Disclaimer
Dotknuté produkty
Data Protection Advisor, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security InformationVlastnosti článku
Číslo článku: 000222618
Typ článku: Dell Security Advisory
Dátum poslednej úpravy: 09 sep 2025
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.