Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

DSA-2024-063 : Security Update for Dell Data Protection Search Multiple Security Vulnerabilities

Summary: Dell Data Protection Search remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to   This article does not apply to 
Check out resources for

Impact

Critical

Details

Third-party Component CVEs More Information
Oracle JRE CVE-2023-22043, CVE-2023-22041, CVE-2023-22051, CVE-2023-25193, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006 cpujul2023This hyperlink is taking you to a website outside of Dell Technologies.
Nginx CVE-2022-41742, CVE-2022-41741 K28112382This hyperlink is taking you to a website outside of Dell Technologies., K81926432This hyperlink is taking you to a website outside of Dell Technologies.
openssl CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Linux kernel CVE-2023-30772, CVE-2023-3483, CVE-2023-2162, CVE-2023-2124, CVE-2023-1998, CVE-2023-1990, CVE-2023-1989, CVE-2023-1855, CVE-2023-1670, CVE-2023-1611 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Kernel-default CVE-2022-20141, CVE-2022-29581, CVE-2021-4202, CVE-2021-39713, CVE-2022-0435, CVE-2021-4157 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libtiff CVE-2019-17546, CVE-2017-17095 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Apache Log4j CVE-2021-44832 https://nvd.nist.gov/vuln/detail/CVE-2021-44832This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-22433 Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices. 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-22433 Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices. 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2023-22043, CVE-2023-22041, CVE-2023-22051, CVE-2023-25193, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006, CVE-2022-41742, CVE-2022-41741, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2023-30772, CVE-2023-3483, CVE-2023-2162, CVE-2023-2124, CVE-2023-1998, CVE-2023-1990, CVE-2023-1989, CVE-2023-1855, CVE-2023-1670,  CVE-2023-1611, CVE-2022-20141, CVE-2022-29581, CVE-2021-4202, CVE-2021-39713, CVE-2022-0435, CVE-2021-4157, CVE-2019-17546, CVE-2017-17095, CVE-2021-44832, CVE-2024-22433 Dell Data Protection Search Versions
19.2.0,  19.3.0, 19.4.0, 19.5.0, 19.5.1, 19.6.0, 19.6.1, 19.6.2 and 19.6.3
 		 Version 19.6.4 or later https://dl.dell.com/downloads/VC8K2_Search-19.6.4-upgrade-package.zip
CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2023-22043, CVE-2023-22041, CVE-2023-22051, CVE-2023-25193, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006, CVE-2022-41742, CVE-2022-41741, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2023-30772, CVE-2023-3483, CVE-2023-2162, CVE-2023-2124, CVE-2023-1998, CVE-2023-1990, CVE-2023-1989, CVE-2023-1855, CVE-2023-1670,  CVE-2023-1611, CVE-2022-20141, CVE-2022-29581, CVE-2021-4202, CVE-2021-39713, CVE-2022-0435, CVE-2021-4157, CVE-2019-17546, CVE-2017-17095, CVE-2021-44832, CVE-2024-22433 Dell Data Protection Search Versions
19.2.0,  19.3.0, 19.4.0, 19.5.0, 19.5.1, 19.6.0, 19.6.1, 19.6.2 and 19.6.3
 		 Version 19.6.4 or later https://dl.dell.com/downloads/VC8K2_Search-19.6.4-upgrade-package.zip
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Dell recommends customers to upgrade at the earliest opportunity.

Revision History

Revision DateDescription
1.02024-02-01Initial Release
2.02024-05-22Updated for enhanced presentation with no changes to conent.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Data Protection Search, Data Protection Search