Impact
High
Details
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2021-43588 | Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
CVE-2021-36349 | Dell EMC Data Protection Central versions 19.5 and earlier contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user may potentially exploit this vulnerability, allowing port scanning of external hosts. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Third-party Component | CVEs | More information |
ntp | CVE-2016-9310 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
Apache CXF | CVE-2021-30468, CVE-2021-22696, CVE-2020-13954 | |
OpenSSL | CVE-2021-3712 | |
Apache HttpClient | CVE-2014-3577, CVE-2012-5783, CVE-2020-13956, CVE-2015-5262, CVE-2012-6153 | |
Spring Framework | CVE-2021-22118 | |
Cron-utils | CVE-2020-26238 | |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
Product | Affected Versions | Updated Versions | Link to Update |
Dell EMC Data Protection Central | Versions before 19.6 | 19.6 | Link |
Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) | Versions before 2.7.2 | 2.7.2 | |
Revision History
Revision | Date | Description |
1.0 | 2021/01/10 | Initial Release |
1.1 | 2021/01/21 | Corrected CVE Identifier |
1.2 | 2022-03-02 | Added Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) as affected product |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide