Critical
Third-Party Component | CVE(s) | More information |
---|---|---|
Zlib | CVE-2022-37434, CVE-2018-25032 | https://nvd.nist.gov/vuln/detail/CVE-2022-37434, https://nvd.nist.gov/vuln/detail/cve-2018-25032 |
Apache Tomcat | CVE-2022-29885, CVE-2022-34305 | https://nvd.nist.gov/vuln/detail/CVE-2022-29885, https://nvd.nist.gov/vuln/detail/CVE-2022-34305 |
Expat | CVE-2022-40674, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852 |
https://access.redhat.com/errata/RHSA-2022:6834, https://access.redhat.com/errata/RHSA-2022:1069 |
mozilla-nspr | CVE-2021-43527 | https://nvd.nist.gov/vuln/detail/CVE-2021-43527 |
Grub2 | CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28736 | https://www.suse.com/support/update/announcement/2022/suse-su-20222038-1/ |
Dell IDRAC9 | CVE-2022-44640 | DSA-2023-162 |
CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|---|
CVE-2022-29885, CVE-2022-34305, CVE-2022-40674, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852 |
PowerProtect DD DDOS and DDMC |
Versions 7.0 through 7.10 | Versions 7.11.0.0 or later, or 7.7.5.11 or later to stay on LTS2022 7.7, or 7.10.1.1 or later to stay on LTS2023 7.10 |
For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles): https://www.dell.com/support/kbdoc/334649 https://www.dell.com/support/kbdoc/525902 |
Versions prior to 6.2.1.90 | Versions 6.2.1.100 and later | |||
PowerProtect Data Manager Appliance model: DM5500 | Versions prior to 5.12 | Versions 5.13 or later | ||
CVE-2022-37434, CVE-2018-25032, CVE-2021-43527, CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28736 |
PowerProtect DD SmartScale |
Versions 7.8 through 7.10 | Versions 7.11.0.0 or later, or 7.10.1.1 or later to stay on LTS2023 7.10 |
|
CVE-2021-43527 | PowerProtect DD DDOS and DDMC |
Versions 7.0 through 7.11 | Versions 7.11.0.0 or later, or 7.7.5.11 or later to stay on LTS2022 7.7, or 7.10.1.1 or later to stay on LTS2023 7.10 |
|
Versions prior to 6.2.1.90 | 6.2.1.100 and later | |||
PowerProtect DP Series Appliance (IDPA) | Versions prior to 2.7.3 | Versions 2.7.6 or later | ||
PowerProtect Data Manager Appliance model: DM5500 | Versions prior to 5.13 | Versions 5.13 or later | ||
CVE-2022-44640 | PowerProtect DD Appliance model: DD3300, DD6400, DD6900, DD9400, and DD9900 | Versions 7.0 through 7.10 | Versions 7.11.0.0 or later or 7.7.5.1 or later to stay on LTS2022 7.7 or 7.10.1.0 or later to stay on LTS2023 7.10 |
|
CVE-2022-29885, CVE-2022-34305, CVE-2022-40674, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852 |
PowerProtect DP Series Appliance (IDPA) | Versions prior to 2.7.4 | PowerProtect DP Series Appliance (IDPA) Versions 2.7.2, 2.7.3, and 2.7.4 with DDOS 7.7.5.20 patch | IDPA : Allowed Point Product Upgrades Procedure to upgrade DataDomainOS |
CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|---|
CVE-2022-29885, CVE-2022-34305, CVE-2022-40674, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852 |
PowerProtect DD DDOS and DDMC |
Versions 7.0 through 7.10 | Versions 7.11.0.0 or later, or 7.7.5.11 or later to stay on LTS2022 7.7, or 7.10.1.1 or later to stay on LTS2023 7.10 |
For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles): https://www.dell.com/support/kbdoc/334649 https://www.dell.com/support/kbdoc/525902 |
Versions prior to 6.2.1.90 | Versions 6.2.1.100 and later | |||
PowerProtect Data Manager Appliance model: DM5500 | Versions prior to 5.12 | Versions 5.13 or later | ||
CVE-2022-37434, CVE-2018-25032, CVE-2021-43527, CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28736 |
PowerProtect DD SmartScale |
Versions 7.8 through 7.10 | Versions 7.11.0.0 or later, or 7.10.1.1 or later to stay on LTS2023 7.10 |
|
CVE-2021-43527 | PowerProtect DD DDOS and DDMC |
Versions 7.0 through 7.11 | Versions 7.11.0.0 or later, or 7.7.5.11 or later to stay on LTS2022 7.7, or 7.10.1.1 or later to stay on LTS2023 7.10 |
|
Versions prior to 6.2.1.90 | 6.2.1.100 and later | |||
PowerProtect DP Series Appliance (IDPA) | Versions prior to 2.7.3 | Versions 2.7.6 or later | ||
PowerProtect Data Manager Appliance model: DM5500 | Versions prior to 5.13 | Versions 5.13 or later | ||
CVE-2022-44640 | PowerProtect DD Appliance model: DD3300, DD6400, DD6900, DD9400, and DD9900 | Versions 7.0 through 7.10 | Versions 7.11.0.0 or later or 7.7.5.1 or later to stay on LTS2022 7.7 or 7.10.1.0 or later to stay on LTS2023 7.10 |
|
CVE-2022-29885, CVE-2022-34305, CVE-2022-40674, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852 |
PowerProtect DP Series Appliance (IDPA) | Versions prior to 2.7.4 | PowerProtect DP Series Appliance (IDPA) Versions 2.7.2, 2.7.3, and 2.7.4 with DDOS 7.7.5.20 patch | IDPA : Allowed Point Product Upgrades Procedure to upgrade DataDomainOS |
To minimize exposure of these vulnerabilities in PowerProtect DD and PowerProtect DP Series Appliance (IDPA), limit HTTPS and SSH access to Data Domain system in Administration section of GUI. Additionally, host access can be configured using the net filter CLI. Please refer to the DD OS Administration Guide and Command Reference Guide for details. PowerProtect and Data Domain core documents can be found here.
Revision | Date | Description |
---|---|---|
1.0 | 2023-03-21 | Initial Release |
2.0 | 2023-03-23 | Updated "Affected Product" under "Article Properties" |
3.0 | 2023-03-27 | Updated the "Updated Versions" |
4.0 | 2023-03-28 | Updated Product Table - Added Integrated DataProtect Appliance model: DP4400 |
5.0 | 2023-03-29 | Updated CVE-2022-22852 to Correct CVE CVE-2022-23852 |
6.0 | 2023-04-28 | Updated Affected Products and Remediation Table - Updated versions for PowerProtect DD DDOS and DDMC, Updated Versions for PowerProtect DD SmartScale, Changed Integrated DataProtect Appliance Model: DP4400 to PowerProtect DP Series Appliance (IDPA), Added PowerProtect Data Manager Appliance model: DM5500, Added CVE-2021-43527 and Products Added Work Around and Mitigation |
7.0 | 2023-05-08 | Updated Affected Products and Remediation table the Updated versions for LTS 7.7 and 7.10 |
8.0 | 2023-0614 | Updated Affected Products and Remediation table replaced Next 7.7 after 7.7.5.1 to stay on LTS2022 7.7 with 7.7.5.11 and above to stay on LTS2022 7.7 for PowerProtect DD DDOS and DDMC |
9.0 | 2023-07-05 | Updated Affected Products and Remediation Table replaced Next 7.10 after 7.10.1.0 to stay on LTS2023 7.10 with 7.10.1.1 and above to stay on LTS2023 7.10 |
10.0 | 2023-07-11 | Added Affected Products and Remediation for CVE-2022-44640. |
11.0 | 2023-08-02 | Updated Affected Products under Article Properties |
12.0 | 2023-11-20 | Updated the Affected Products and Remediation Table - Affected Versions, Remediated Versions, and Link for PowerProtect DP Series Appliance (IDPA) for following CVE's: CVE-2022-29885, CVE-2022-34305, CVE-2022-40674, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852 |
13.0 | 2024-04-25 | Updated for enhanced presentation with no changes to content |
14.0 | 2024-04-25 | Updated for enhanced presentation with no changes to content |
15.0 | 2024-04-25 | Updated for enhanced presentation with no changes to content |
16.0 | 2024-04-25 | Updated for enhanced presentation with no changes to content |
17.0 | 2024-04-25 | Updated Affected Products and Remediation section: Updated Remediated versions for Versions prior to 6.2.1.90, 2.7.3, and 5.13 |