Vitajte
Vitajte v spoločnosti Dell!
Moje konto
- Zadávajte objednávky rýchlo a jednoducho
- Pozrite si svoje objednávky a sledujte priebeh doručenia
- Vytvorte si zoznam svojich produktov a majte ho vždy poruke
- Spravujte svoje lokality Dell EMC, produkty a kontaktné informácie na úrovni produktov pomocou Správy informácií o spoločnosti.
Číslo článku: 000222618
DSA-2024-107: Security Update for Data Protection Advisor Multiple Vulnerabilities.
Zhrnutie: Data Protection Advisor remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Obsah článku
Dosah
Critical
Podrobnosti
| Third-party Component | CVEs | More Information |
|---|---|---|
| Apache Tomcat | CVE-2016-6816, CVE-2016-8735, CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651, CVE-2017-5664, CVE-2016-6817, CVE-2016-8745, CVE-2017-7674, CVE-2017-7675, CVE-2017-12617, CVE-2018-1305, CVE-2018-1304, CVE-2018-8014, CVE-2018-8034, CVE-2018-1336, CVE-2018-8037, CVE-2018-11784, CVE-2019-0199, CVE-2019-0232, CVE-2019-2684, CVE-2019-0221, CVE-2019-10072, CVE-2019-17563, CVE-2019-12418, CVE-2020-1935, CVE-2020-1938, CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-13943, CVE-2021-30640, CVE-2021-33037, CVE-2021-43980, CVE-2023-28708, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
| Spring Framework | CVE-2016-9878, CVE-2018-1199, CVE-2018-1270, CVE-2018-1271, CVE-2018-1272, CVE-2018-1275, CVE-2018-1257, CVE-2018-11039, CVE-2018-11040, CVE-2018-15756, CVE-2020-5421, CVE-2022-22950, CVE-2022-22968, CVE-2022-22970, CVE-2022-22971, CVE-2023-20861, CVE-2023-20863 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Spring Boot | CVE-2017-8046, CVE-2018-1196, CVE-2022-27772, CVE-2022-22965, CVE-2023-20873, CVE-2023-20883, CVE-2023-34055 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| SnakeYAML | CVE-2017-18640, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Webpack | CVE-2023-28154 | NVD - CVE-2023-28154 (nist.gov) |
| Loader-utils | CVE-2022-37599, CVE-2022-37601, CVE-2022-37603 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| http-cache-semantics | CVE-2022-25881 | NVD - CVE-2022-25881 (nist.gov) |
| json5 | CVE-2022-46175 | NVD - CVE-2022-46175 (nist.gov) |
| terser | CVE-2022-25858 | NVD - CVE-2022-25858 (nist.gov) |
| Moment | CVE-2022-31129 | NVD - CVE-2022-31129 (nist.gov) |
| Oracle Java 8u391 | CVE-2023-22025, CVE-2023-22067, CVE-2023-22081 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
Dotknuté produkty a riešenie problému
| Product | Affected Version | Remediated Versions | Link |
|---|---|---|---|
| Dell Protection Advisor | Version 19.9 | Version 19.10 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| Integrated Data Protection Appliance (PowerProtect DP Series) | Version 2.7.6 | Version 2.7.6 with DPA 19.10 patch build 22 | Link to PowerProtect DP Series Software 2.7.6 https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers Link to DPA 19.10 patch build 22 https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers DPA out of band upgrade KB https://www.dell.com/support/kbdoc/en-ie/000205649/powerprotect-dp-series-appliance-and-idpa-steps-to-upgrade-dpa-or-data-protection-advisor-component-out-of-band-within-the-appliance |
| Product | Affected Version | Remediated Versions | Link |
|---|---|---|---|
| Dell Protection Advisor | Version 19.9 | Version 19.10 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| Integrated Data Protection Appliance (PowerProtect DP Series) | Version 2.7.6 | Version 2.7.6 with DPA 19.10 patch build 22 | Link to PowerProtect DP Series Software 2.7.6 https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers Link to DPA 19.10 patch build 22 https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers DPA out of band upgrade KB https://www.dell.com/support/kbdoc/en-ie/000205649/powerprotect-dp-series-appliance-and-idpa-steps-to-upgrade-dpa-or-data-protection-advisor-component-out-of-band-within-the-appliance |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Dell recommends that you always upgrade to the latest release/version for your product
- To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/en-us/.
História revízií
| Revision | Date | Description |
| 1.0 | 2024-02-29 | Initial Release |
| 2.0 | 2024-04-02 | Added "Integrated Data Protection Appliance (PowerProtect DP Series)" product under "Affected Products and Remediation" section |
| 3.0 | 2024-04-04 | Updated for enhanced format presentation with no change to content |
Súvisiace informácie
Právne informácie
Vlastnosti článku
Dotknutý produkt
Data Protection Advisor, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security Information
Dátum posledného zverejnenia
03 apr 2024
Verzia
4
Typ článku
Dell Security Advisory