DSA-2025-062: Security Update for Dell PowerProtect Data Manager Multiple Security Vulnerabilities
摘要: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
Critical
详情
|
Third Party Component |
CVEs |
More Information |
|---|---|---|
|
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server9.4.53.20231009 |
CVE-2024-8184, CVE-2024-6763 |
|
|
Quartz Enterprise Job Scheduler2.3.2 |
CVE-2023-39017 |
|
|
rollup4.20.0 |
CVE-2024-47068 |
|
|
Request - Simple HTTP Client2.88.2 |
CVE-2023-28155 |
|
|
http-proxy-middleware2.0.6 |
CVE-2024-21536 |
|
|
Python Programming Language 3.11.9 |
CVE-2023-41105, CVE-2023-36632, CVE-2007-4559, CVE-2023-40217, CVE-2023-24329, CVE-2023-52425, CVE-2023-52426, CVE-2023-50782, CVE-2023-49083, CVE-2024-0727, CVE-2021-3711, CVE-2022-2068,CVE-2022-1292, CVE-2023-4807, CVE-2023-0215, CVE-2022-4450, CVE-2022-0778, CVE-2021-23840,CVE-2023-0464, CVE-2021-3450, CVE-2023-0286, CVE-2021-3712, CVE-2023-2650, CVE-2021-3449, CVE-2022-4304, CVE-2021-23841, CVE-2023-0466, CVE-2023-5678, CVE-2022-2097, CVE-2023-0465, CVE-2023-3817, CVE-2023-23931 |
|
|
zlib 1.3.1 |
CVE-2023-45853 |
|
|
java-17-openjdk 17.0.14 |
CVE-2024-21235, CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2025-21502 |
|
|
libcurl4, curl |
CVE-2025-0725, CVE-2025-0167 |
|
|
golang.org/x/crypto/ssh |
CVE-2024-45337 |
|
|
golang.org/x/net/html |
CVE-2024-45338 |
|
|
logback-1.4.7 |
CVE-2023-6378 |
|
|
Spring framework 6.1.8 |
CVE-2024-38820 |
|
|
libxml2-2=2.9.14-150400.5.38.1 libxml2-tools=2.9.14-150400.5.38.1 |
CVE-2024-56171, CVE-2025-24928, CVE-2025-27113 |
|
|
ucode-intel=20250211-150200.53.1 |
CVE-2024-31068, CVE-2024-36293, CVE-2024-37020, CVE-2024-39355 |
|
|
kernel-default=5.14.21-150400.24.150.1 |
CVE-2024-50199, CVE-2024-53104, CVE-2024-53166, CVE-2024-53177, CVE-2024-56600, CVE-2024-56601, CVE-2024-56602, CVE-2024-56623, CVE-2024-56631, CVE-2024-56642, CVE-2024-56645, CVE-2024-56648, CVE-2024-56650, CVE-2024-56658, CVE-2024-56661, CVE-2024-56664, CVE-2024-56704, CVE-2024-56759, CVE-2024-57791, CVE-2024-57792, CVE-2024-57798, CVE-2024-57849, CVE-2024-57893, CVE-2024-57897 |
|
|
openssh-clients=8.4p1-150300.3.42.1 libxml2-tools=2.9.14-150400.5.38.1 openssh-fips=8.4p1-150300.3.42.1 openssh-server=8.4p1-150300.3.42.1 openssh=8.4p1-150300.3.42.1 |
CVE-2025-26465 |
|
|
emacs-info=27.2-150400.3.23.2 emacs-nox=27.2-150400.3.23.2 emacs=27.2-150400.3.23.2 etags=27.2-150400.3.23.2 |
CVE-2025-1244 |
|
|
libopenssl1_1-hmac=1.1.1l-150400.7.78.1 libopenssl1_1=1.1.1l-150400.7.78.1 openssl-1_1=1.1.1l-150400.7.78.1 |
CVE-2024-13176 |
|
|
libruby2_5-2_5=2.5.9-150000.4.36.1 ruby2.5-stdlib=2.5.9-150000.4.36.1 ruby2.5=2.5.9-150000.4.36.1 |
CVE-2024-47220, CVE-2024-49761 |
|
|
libpq5=17.4-150200.5.10.1 postgresql14-server=14.17-150200.5.55.1 postgresql14=14.17-150200.5.55.1 |
CVE-2025-1094 |
|
|
glibc-extra=2.31-150300.92.1 glibc-lang=2.31-150300.92.1 glibc-locale-base=2.31-150300.92.1 glibc-locale=2.31-150300.92.1 glibc=2.31-150300.92.1 |
CVE-2025-0395 |
|
|
bind-utils=9.16.50-150400.5.46.1 python3-bind=9.16.50-150400.5.46.1 |
CVE-2024-11187 |
|
|
libtasn1-6=4.13-150000.4.11.1 libtasn1=4.13-150000.4.11.1 |
CVE-2024-12133 |
|
|
curl=8.0.1-150400.5.62.1 libcurl4=8.0.1-150400.5.62.1 |
CVE-2024-11053, CVE-2025-0167, CVE-2025-0725 |
|
|
grub2-i386-pc=2.06-150400.11.55.2 grub2-snapper-plugin=2.06-150400.11.55.2 grub2-systemd-sleep-plugin=2.06-150400.11.55.2 grub2-x86_64-efi=2.06-150400.11.55.2 grub2=2.06-150400.11.55.2 |
CVE-2024-45774, CVE-2024-45775, CVE-2024-45776, CVE-2024-45777, CVE-2024-45778, CVE-2024-45779, CVE-2024-45780, CVE-2024-45781, CVE-2024-45782, CVE-2024-45783, CVE-2024-56737, CVE-2025-0622, CVE-2025-0624, CVE-2025-0677, CVE-2025-0678, CVE-2025-0684, CVE-2025-0685, CVE-2025-0686, CVE-2025-0689, CVE-2025-0690, CVE-2025-1118, CVE-2025-1125 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
|
CVE-2025-23375 |
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
7.8 |
|
|
CVE-2025-23376 |
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. |
2.3 |
|
|
CVE-2025-23377 |
Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs. |
4.2 |
|
|
CVE-2025-27691 |
Dell PowerProtect Agent Service, version(s) 19.16, 19.17, and 19.18, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the Postgres, Oracle, and cache environments with privileges of the compromised account. |
7.5 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
|
CVE-2025-23375 |
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
7.8 |
|
|
CVE-2025-23376 |
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. |
2.3 |
|
|
CVE-2025-23377 |
Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs. |
4.2 |
|
|
CVE-2025-27691 |
Dell PowerProtect Agent Service, version(s) 19.16, 19.17, and 19.18, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the Postgres, Oracle, and cache environments with privileges of the compromised account. |
7.5 |
受影响的产品和补救措施
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|
|
PowerProtect Data Manager |
PowerProtect Data Manager Software 19.19.0-15 |
Versions 19.15.0 through 19.18.0-23 |
Version 19.19.0-15 or later |
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|
|
PowerProtect Data Manager |
PowerProtect Data Manager Software 19.19.0-15 |
Versions 19.15.0 through 19.18.0-23 |
Version 19.19.0-15 or later |
修订历史记录
|
Revision |
Date |
Description |
|---|---|---|
|
1.0 |
2025-04-24 |
Initial Release |
|
2.0 |
2025-04-24 |
Updated for enhanced presentation with no changes to content |
|
3.0 |
2025-04-25 |
Updated for enhanced presentation with no changes to content |
|
4.0 |
2025-05-07 |
Updated CVE Identifier and Third Party Components section to remove Node.js 22.13.0 references |
|
5.0 |
2025-05-28 |
Updated the Proprietary Code section: Added CVE-2025-27691 details. |
相关信息
法律免责声明
受影响的产品
PowerProtect Data Manager文章属性
文章编号: 000311083
文章类型: Dell Security Advisory
上次修改时间: 28 5月 2025
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。