Zu den Hauptinhalten
Abmelden

Willkommen bei Dell

Mein Konto
  • Bestellungen schnell und einfach aufgeben
  • Bestellungen anzeigen und den Versandstatus verfolgen
  • Profitieren Sie von exklusiven Prämien und Rabatten für Mitglieder
  • Erstellen Sie eine Liste Ihrer Produkte, auf die Sie jederzeit zugreifen können.
Anmelden Konto erstellen Premier-Anmeldung Anmeldung beim Partnerprogramm
Kontakt

Ihr Warenkorb bei Dell.com

DSA-2024-280: Security Update for Dell Avamar and Dell Avamar Virtual Edition Multiple Security Vulnerabilities.

Zusammenfassung: Dell Avamar and Dell Avamar Virtual Edition remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dieser Artikel gilt für   Dieser Artikel gilt nicht für 
Sehen Sie sich die Ressourcen an für

Auswirkungen

Critical

Details

Third-party Component CVEs More Information
Apache Ant CVE-2020-11979, CVE-2021-36374 See NVD link below for individual scores for each CVE. 
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Apache Struts CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164 See NVD link below for individual scores for each CVE. 
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server CVE-2023-41900 See NVD link below for individual scores for each CVE. 
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
SnakeYAML CVE-2017-18640 See NVD link below for individual scores for each CVE. 
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Korrektur

CVEs Addressed

 Product Software/Firmware Affected Version(s) Remediated Version Link
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Dell Avamar Data Store Gen5A, Gen4T Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/KYC7K_Avamar-19.10-SP1-for-Server-and-AVE-Upgrades.avp
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for VMware ESXi and vSphere Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/NRDN1_Avamar-19.10-SP1-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for VMware vSphere only Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/V0RPW_Avamar-19.10-SP1-Virtual-Edition-for-VMware-vSphere-only.ova
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for Hyper-V 2012 Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/X59J2_Avamar-19.10-SP1-Virtual-Edition-for-Hyper-V-2012.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/163H4_Avamar-19.10-SP1-Virtual-Edition-for-Hyper-V-2012R2,-Hyper-V-2016,-and-Hyper-V-2019.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for KVM/Open Stack KVM Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/D3F1V_Avamar-19.10-SP1-Virtual-Edition-for-KVM-OpenStack-KVM.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Dell PowerProtect DP Series Appliance (Integrated Data Protection Appliance) Dell Avamar operating system Versions 2.7.0 through 2.7.6 Version 2.7.7 https://dl.dell.com/downloads/NGXWR_PowerProtect-DP-Series-IDPA-2.7.7-Upgrade-for-DP4400-and-DP5900-Appliances.gz

CVEs Addressed

 Product Software/Firmware Affected Version(s) Remediated Version Link
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Dell Avamar Data Store Gen5A, Gen4T Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/KYC7K_Avamar-19.10-SP1-for-Server-and-AVE-Upgrades.avp
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for VMware ESXi and vSphere Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/NRDN1_Avamar-19.10-SP1-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for VMware vSphere only Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/V0RPW_Avamar-19.10-SP1-Virtual-Edition-for-VMware-vSphere-only.ova
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for Hyper-V 2012 Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/X59J2_Avamar-19.10-SP1-Virtual-Edition-for-Hyper-V-2012.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/163H4_Avamar-19.10-SP1-Virtual-Edition-for-Hyper-V-2012R2,-Hyper-V-2016,-and-Hyper-V-2019.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for KVM/Open Stack KVM Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/D3F1V_Avamar-19.10-SP1-Virtual-Edition-for-KVM-OpenStack-KVM.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Dell PowerProtect DP Series Appliance (Integrated Data Protection Appliance) Dell Avamar operating system Versions 2.7.0 through 2.7.6 Version 2.7.7 https://dl.dell.com/downloads/NGXWR_PowerProtect-DP-Series-IDPA-2.7.7-Upgrade-for-DP4400-and-DP5900-Appliances.gz
  • The CVEs remedied by this security update are listed.  The list not only have the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.
  • The OS Rollup 2024 R1 CVE are also remediated by this release. DSA-2024-198
  • Dell recommends that you always upgrade to the latest release/version for your product.
  • To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/product-support/product/avamar/drivers
  • Version19.10 SP1 will resolve the issues on proxy as well as AVE and ADS

Revisionsverlauf

Revision DateDescription
1.02024-06-26 Initial Release
2.02024-08-20Updated Advisory stating that version 19.10 SP1 will address issues related to the proxy, AVE, and ADS.
3.02024-08-28Updated Advisory as IDPA has announced the release of Version 2.7.7, which includes fixes for the disclosed vulnerability

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtlicher Hinweis

Betroffene Produkte

Avamar, PowerProtect Data Protection Appliance, Avamar, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Server, Avamar Virtual Edition, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family , PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security Information ...