DSA-2022-107: Dell Data Protection Advisor Security Update for Stored Cross Site Scripting Vulnerability
Summary: Dell Data Protection Advisor (DPA) remediation is available for the Stored Cross Site Scripting Vulnerability that may be exploited by malicious users to compromise affected systems.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-33935 | Dell Data Protection Advisor versions 19.6 and earlier contains a Stored Cross Site Scripting vulnerability. An attacker may potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the web browser runs the malicious code in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-33935 | Dell Data Protection Advisor versions 19.6 and earlier contains a Stored Cross Site Scripting vulnerability. An attacker may potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the web browser runs the malicious code in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Affected Products & Remediation
| Product | Affected Versions | Updated Version | Link to Update |
| Data Protection Advisor |
19.6 and earlier |
19.7 Build B4 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| PowerProtect DP Series Appliance (IDPA) | IDPA 2.7.3 and earlier | IDPA 2.7.2 or IDPA 2.7.3 with DP Advisor 19.8 Build B33 patch | Steps to upgrade: PowerProtect DP Series Appliance and IDPA: Steps to upgrade DPA or Data Protection Advisor component out of band within the appliance |
| Product | Affected Versions | Updated Version | Link to Update |
| Data Protection Advisor |
19.6 and earlier |
19.7 Build B4 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| PowerProtect DP Series Appliance (IDPA) | IDPA 2.7.3 and earlier | IDPA 2.7.2 or IDPA 2.7.3 with DP Advisor 19.8 Build B33 patch | Steps to upgrade: PowerProtect DP Series Appliance and IDPA: Steps to upgrade DPA or Data Protection Advisor component out of band within the appliance |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-07-25 | Initial Release |
| 2.0 | 2023-03-06 | Added PowerProtect DP Series Appliance (IDPA) to Affected Products and Remediation section. |
| 3.0 | 2023-03-13 | Made some minor changes to links under "Link to Updates column" and Updated the "Affected Products" section under "Article Properties" |
| 4.0 | 2023-03-14 | Made changes to IDPA product-> "Link to Update" column |
| 5.0 | 2023-04-03 | Made changes to "Updated Version" & "Link to update" columns under "Affected Products and Remediation" section |
Related Information
Legal Disclaimer
Affected Products
PowerProtect Data Protection Appliance, Data Protection Advisor, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security InformationArticle Properties
Article Number: 000201824
Article Type: Dell Security Advisory
Last Modified: 03 Apr 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.