Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000187283

DSA-2021-105: Dell Power Protect Data Manager Update for Multiple Third-Party Components Vulnerabilities

Summary: Dell Power Protect Data Manager remediation is available for multiple third-party components vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

High

Details

Third-party Component  CVE(s) More information
json-sanitizer CVE-2021-23899
CVE-2021-23900
 		 OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations
OpenSSL CVE-2020-1971  
SuSE CVE-2020-28374
CVE-2020-36158
CVE-2020-27825
CVE-2020-0466
CVE-2020-27068
CVE-2020-0465
CVE-2020-0444
CVE-2020-29660
CVE-2020-29661
CVE-2020-27777
CVE-2019-20934
CVE-2020-27786
CVE-2020-4788
CVE-2018-20669		  
Open JDK JRE CVE-2020-14803 (JDK-8247619)
 		 https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-January/013337.html
 
Third-party Component  CVE(s) More information
json-sanitizer CVE-2021-23899
CVE-2021-23900
 		 OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations
OpenSSL CVE-2020-1971  
SuSE CVE-2020-28374
CVE-2020-36158
CVE-2020-27825
CVE-2020-0466
CVE-2020-27068
CVE-2020-0465
CVE-2020-0444
CVE-2020-29660
CVE-2020-29661
CVE-2020-27777
CVE-2019-20934
CVE-2020-27786
CVE-2020-4788
CVE-2018-20669		  
Open JDK JRE CVE-2020-14803 (JDK-8247619)
 		 https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-January/013337.html
 
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Version(s) Updated Version(s) Link to Update  
Dell Power Protect Data Manager 19.7 and earlier  19.8    
 
 
Product Affected Version(s) Updated Version(s) Link to Update  
Dell Power Protect Data Manager 19.7 and earlier  19.8    
 
 

Workarounds and Mitigations

None

Revision History

RevisionDateDescription
1.02021-05-24Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

PowerProtect Data Manager, Product Security Information

Last Published Date

24 May 2021

Article Type

Dell Security Advisory

Back to Top