Article Number: 000221720

DSA-2024-063 : Security Update for Dell Data Protection Search Multiple Security Vulnerabilities

Summary: Dell Data Protection Search remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Impact

Critical

Details

Third-party Component	CVEs	More Information
Oracle JRE	CVE-2023-22043, CVE-2023-22041, CVE-2023-22051, CVE-2023-25193, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006	cpujul2023
Nginx	CVE-2022-41742, CVE-2022-41741	K28112382, K81926432
openssl	CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
Linux kernel	CVE-2023-30772, CVE-2023-3483, CVE-2023-2162, CVE-2023-2124, CVE-2023-1998, CVE-2023-1990, CVE-2023-1989, CVE-2023-1855, CVE-2023-1670, CVE-2023-1611	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
Kernel-default	CVE-2022-20141, CVE-2022-29581, CVE-2021-4202, CVE-2021-39713, CVE-2022-0435, CVE-2021-4157	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
libtiff	CVE-2019-17546, CVE-2017-17095	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
Apache Log4j	CVE-2021-44832	https://nvd.nist.gov/vuln/detail/CVE-2021-44832

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2024-22433	Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2024-22433	Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed	Product	Affected Versions	Remediated Versions	Link
CVE-2023-22043, CVE-2023-22041, CVE-2023-22051, CVE-2023-25193, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006, CVE-2022-41742, CVE-2022-41741, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2023-30772, CVE-2023-3483, CVE-2023-2162, CVE-2023-2124, CVE-2023-1998, CVE-2023-1990, CVE-2023-1989, CVE-2023-1855, CVE-2023-1670, CVE-2023-1611, CVE-2022-20141, CVE-2022-29581, CVE-2021-4202, CVE-2021-39713, CVE-2022-0435, CVE-2021-4157, CVE-2019-17546, CVE-2017-17095, CVE-2021-44832, CVE-2024-22433	Dell Data Protection Search	Versions 19.2.0, 19.3.0, 19.4.0, 19.5.0, 19.5.1, 19.6.0, 19.6.1, 19.6.2 and 19.6.3	Version 19.6.4 or later	https://dl.dell.com/downloads/VC8K2_Search-19.6.4-upgrade-package.z ip

CVEs Addressed	Product	Affected Versions	Remediated Versions	Link
CVE-2023-22043, CVE-2023-22041, CVE-2023-22051, CVE-2023-25193, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006, CVE-2022-41742, CVE-2022-41741, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2023-30772, CVE-2023-3483, CVE-2023-2162, CVE-2023-2124, CVE-2023-1998, CVE-2023-1990, CVE-2023-1989, CVE-2023-1855, CVE-2023-1670, CVE-2023-1611, CVE-2022-20141, CVE-2022-29581, CVE-2021-4202, CVE-2021-39713, CVE-2022-0435, CVE-2021-4157, CVE-2019-17546, CVE-2017-17095, CVE-2021-44832, CVE-2024-22433	Dell Data Protection Search	Versions 19.2.0, 19.3.0, 19.4.0, 19.5.0, 19.5.1, 19.6.0, 19.6.1, 19.6.2 and 19.6.3	Version 19.6.4 or later	https://dl.dell.com/downloads/VC8K2_Search-19.6.4-upgrade-package.z ip

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Dell recommends customers to upgrade at the earliest opportunity.

Revision History

Revision	Date	Description
1.0	2024-02-01	Initial Release
2.0	2024-05-22	Updated for enhanced presentation with no changes to conent.

DSA-2024-063 : Security Update for Dell Data Protection Search Multiple Security Vulnerabilities

Summary: Dell Data Protection Search remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Article Type

Welcome

Welcome to Dell

DSA-2024-063 : Security Update for Dell Data Protection Search Multiple Security Vulnerabilities

Summary: Dell Data Protection Search remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Article Type