Impact
High
Details
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2021-43588 |
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. |
4.3 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| CVE-2021-36349 |
Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. |
4.3 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Third-party Component |
CVEs |
More information |
| ntp |
CVE-2016-9310 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Apache CXF |
CVE-2021-30468 |
| CVE-2021-22696 |
| CVE-2020-13954 |
| OpenSSL |
CVE-2021-3712 |
| Apache HttpClient |
CVE-2014-3577 |
| CVE-2012-5783 |
| CVE-2020-13956 |
| CVE-2015-5262 |
| CVE-2012-6153 |
| Spring Framework |
CVE-2021-22118 |
| Cron-utils |
CVE-2020-26238 |
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2021-43588 |
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. |
4.3 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| CVE-2021-36349 |
Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. |
4.3 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Third-party Component |
CVEs |
More information |
| ntp |
CVE-2016-9310 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Apache CXF |
CVE-2021-30468 |
| CVE-2021-22696 |
| CVE-2020-13954 |
| OpenSSL |
CVE-2021-3712 |
| Apache HttpClient |
CVE-2014-3577 |
| CVE-2012-5783 |
| CVE-2020-13956 |
| CVE-2015-5262 |
| CVE-2012-6153 |
| Spring Framework |
CVE-2021-22118 |
| Cron-utils |
CVE-2020-26238 |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
| Product |
Affected Versions |
Updated Versions |
Link to Update |
| Dell EMC Data Protection Central |
Versions before 19.6 |
19.6 |
Link |
|
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series)
|
Versions before 2.7.2 |
2.7.2 |
|
| Product |
Affected Versions |
Updated Versions |
Link to Update |
| Dell EMC Data Protection Central |
Versions before 19.6 |
19.6 |
Link |
|
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series)
|
Versions before 2.7.2 |
2.7.2 |
|
Revision History
| Revision | Date | Description |
| 1.0 | 2021/01/10 | Initial Release |
| 1.1 | 2021/01/21 | Corrected CVE Identifier |
| 1.2 | 2022-03-02 | Added Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) as affected product |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide