Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

DSA-2023-416: Security Update for Dell PowerProtect DP Series Appliance (IDPA) Infrastructure for Multiple Vulnerabilities.

Summary: Dell PowerProtect DP Series Appliance (IDPA) remediation is available for multiple security vulnerabilities in Infrastructure that could be exploited by malicious users to compromise the affected system. ...

This article applies to   This article does not apply to 

Impact

Critical

Details

Third-party Component

CVEs

More Information

VMWare (Hypervisor and Hypervisor Manager) 

CVE-2023-38408, CVE-2021-36368, CVE-2023-20892, CVE-2023-20893, CVE-2023-2089 , CVE-2023-20895, CVE-2023-20896, CVE-2022-22982, CVE-2022-31696, CVE-2022-31699, CVE-2021-21972, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373, CVE-2022-31681, CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050, CVE-2022-22948, CVE-2023-34048, CVE-2023-34056, CVE-2023-20894 

See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

Dell iDRAC 

CVE-2022-34435 

DSA-2022-265

OpenSSL

CVE-2023-0215, CVE-2022-2068, CVE-2022-1292 

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Oracle Java 

CVE-2023-21835, CVE-2023-21830, CVE-2023-21843, CVE-2022-39399, CVE-2022-34169, CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-21624, CVE-2022-21619, CVE-2022-21541, CVE-2022-21540, CVE-2022-21549, CVE‑2022‑39399, CVE‑2022‑34169, CVE‑2022‑21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-21624, CVE-2022-21619, CVE-2022-21541, CVE-2022-21540, CVE-2022-21549

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

OpenLDAP

CVE-1999-0385 

https://nvd.nist.gov/vuln/detail/CVE-1999-0385 This hyperlink is taking you to a website outside of Dell Technologies.

OpenSSH

CVE-2008-5161 

https://www.suse.com/security/cve/CVE-2008-5161.htmlThis hyperlink is taking you to a website outside of Dell Technologies.

Apache Tomcat 

CVE-2022-45143, CVE-2022-42252, CVE-2022-34305, CVE-2022-29885, CVE-2021-43980, CVE-2021-30640 

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

Grub2 

CVE-2022-2601, CVE-2022-3775, CVE-2021-3695, CVE-2021- 3696, CVE-2021-3697, CVE-2021-3981 

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Apache Log4j 

CVE-2021-44228, CVE-2021-45046 

Apache Log4j Remote Code ExecutionThis hyperlink is taking you to a website outside of Dell Technologies.

Erlang 

CVE-2022-37026 

https://nvd.nist.gov/vuln/detail/CVE-2022-37026This hyperlink is taking you to a website outside of Dell Technologies.

SUSE 

CVE-2022-0413, CVE-2022-0318, CVE-2021-4019, CVE-2022-2284, CVE-2022-0361, CVE-2022-1679, CVE-2020-0452, CVE-2022-1652, CVE-2022-1619, CVE-2022-0492, CVE-2022-0359, CVE-2017-17095, CVE-2022-24903, CVE-2022-2207, CVE-2022-1927, CVE-2022-2304, CVE-2021-4197, CVE-2022-27239, CVE-2022-1304, CVE-2022-2129, CVE-2022-2264, CVE-2022-29155, CVE-2022-2124, CVE-2022-0261, CVE-2022-1851, CVE-2022-2126, CVE-2022-2183, CVE-2022-1720, CVE-2021-4157, CVE-2022-2344, CVE-2020-35523, CVE-2021-3927, CVE-2022-2175, CVE-2021-4069, CVE-2021-4192, CVE-2022-23219, CVE-2021-4136, CVE-2021-4202, CVE-2022-0407, CVE-2022-1381, CVE-2022-0213, CVE-2021-30560, CVE-2021-3778, CVE-2022-2210, CVE-2022-0435, CVE-2022-2257, CVE-2022-1898, CVE-2022-2206, CVE-2021-43527, CVE-2022-25235, CVE-2022-23218, CVE-2021-20292, CVE-2022-20141, CVE-2022-0128, CVE-2022-0847, CVE-2021-3973, CVE-2021-3796, CVE-2022-2286, CVE-2022-1796, CVE-2022-1968, CVE-2022-1735, CVE-2021-3984, CVE-2021-3968, CVE-2022-1048, CVE-2021-39713, CVE-2021-4083, CVE-2020-35524, CVE-2022-2182, CVE-2021-45078, CVE-2022-2343, CVE-2022-2345, CVE-2022-1897, CVE-2021-0920, CVE-2022-2125, CVE-2022-0392, CVE-2022-25315, CVE-2022-25236, CVE-2022-23852, CVE-2022-24407, CVE-2022-2285, CVE-2019-17546, CVE-2021-3872, CVE-2021-0935, CVE-2021-3974, CVE-2022-1616, CVE-2022-2795, CVE-2022-38177, CVE-2023-38545, CVE-2023-38546

See SUSE link below for individual scores for each CVE. 
https://www.suse.com/security/cve/This hyperlink is taking you to a website outside of Dell Technologies.

Intel Ethernet 500 Series Controllers Firmware CVE-2022-36416, CVE-2022-36797 DSA-2023-016

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product

Affected Versions

Remediated Versions 

Link 

Integrated Data Protection Appliance (PowerProtect DP Series)

2.7.4 and prior 

2.7.6 

https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers

Product

Affected Versions

Remediated Versions 

Link 

Integrated Data Protection Appliance (PowerProtect DP Series)

2.7.4 and prior 

2.7.6 

https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers

Link to PowerProtect DP Series Installation and Upgrade guide 
Dell EMC PowerProtect DP Series Appliance 2.7.6 Installation and Upgrade Guide 
 
NOTE: IDPA versions prior to 2.7.6 use an obsolete Operating System for ACM and DPA components. IDPA 2.7.6 has updated the Operating Systems of ACM and DPA components to a supported version.

Revision History

RevisionDateDescription
1.02023-23-21Initial release
2.02024-01-09Moved Installation & Upgrade guide to Additional Information section.
3.02024-01-09Updated 'More Information' column for Dell iDRAC & Apache Log4j
4.0-5.02024-01-09Added CVE-2023-38545, CVE-2023-38546 to SUSE Component
6.02024-01-22Updated for enhanced presentation with no changes to content.
7.02024-03-08Added CVE-2023-20894 to VMWare (Hypervisor and Hypervisor Manager) Component
8.02024-07-12Added Intel Ethernet 500 Series Controllers Firmware CVEs.

Related Information

Affected Products

PowerProtect Data Protection Appliance, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software
Article Properties
Article Number: 000220651
Article Type: Dell Security Advisory
Last Modified: 12 Jul 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.