
Article Number: 000221770


DSA-2024-070: Security Update for Dell Avamar, Dell Avamar Virtual Edition Multiple Security Vulnerabilities

Summary: Remediation is available for multiple security vulnerabilities in Dell Avamar and Dell Avamar Virtual Edition that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

| Third-party Component | CVEs | More Information |
|---|---|---|
| Apache Commons BeanUtils | CVE-2019-10086 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| Apache CXF | CVE-2019-12419 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| Batik XML utility library | CVE-2018-8013 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| c3p0:JDBC DataSources/Resource Pools | CVE-2018-20433 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| Data Mapper for Jackson | CVE-2019-10202 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| dom4j: flexible XML framework for Java | CVE-2020-10683 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| jackson-databind | CVE-2019-14893 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| PostgreSQL JDBC Driver (pgjdbc) | CVE-2022-26520 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| spring-security-oauth | CVE-2018-1260 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| SQLite | CVE-2020-11656 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| thymeleaf-spring5 | CVE-2021-43466 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| XMLBeans | CVE-2021-23926 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| iText, a JAVA-PDF library | CVE-2017-9096 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| dom4j: flexible XML framework for Java | CVE-2019-9928 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| jackson-databind | CVE-2021-46877 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |
| Dell BSAFE Crypto-C Micro Edition | CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/; DSA-2020-286, DSA-2019-079 |
| RabbitMQ | CVE-2019-11281, CVE-2019-11287, CVE-2019-11291 | See NVD link for individual scores for each CVE: http://nvd.nist.gov/ |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed (the same list applies to every row in the table below): CVE-2019-10086, CVE-2019-12419, CVE-2018-8013, CVE-2018-20433, CVE-2019-10202, CVE-2020-10683, CVE-2019-14893, CVE-2022-26520, CVE-2018-1260, CVE-2020-11656, CVE-2021-43466, CVE-2021-23926, CVE-2017-9096, CVE-2019-9928, CVE-2021-46877, CVE-2020-35169, CVE-2013-6078, CVE-2020-29505, CVE-2020-29504, CVE-2019-3728, CVE-2018-11058, CVE-2018-11054, CVE-2015-0536, CVE-2015-0535, CVE-2015-0534, CVE-2015-0533, CVE-2019-11287, CVE-2019-11281, CVE-2019-11291

| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| Dell Avamar Data Store Gen4T, Gen5A | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AvamarInstallSles-19.10.0-135.avp |
| Avamar 19.10 Virtual Edition for VMware ESXi and vSphere | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.ovf.7z |
| Avamar 19.10 Virtual Edition for VMware vSphere only | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.ova |
| Avamar 19.10 Virtual Edition for Hyper-V 2012 | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AAVE-19.10.0.135-2012.7z |
| Avamar 19.10 Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AAVE-19.10.0.135.7z |
| Avamar 19.10 Virtual Edition for KVM/OpenStack KVM | Dell Avamar Operating System | Version 19.4, 19.7, 19.8 and 19.9 | Version 19.10 or later | AVE-19.10.0.135.qcow2.7z |
NOTE: The Integrated Data Protection Appliance product team has confirmed impact and is preparing a remedy. Dell will update this Security Advisory once we have a remedy in place.


The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
  • Dell recommends that you always upgrade to the latest release/version for your product.
  • Customers who want to remediate the security vulnerabilities are advised to upgrade to the latest version of Dell Avamar and Dell Avamar Virtual Edition - 19.10.
  • Existing instances of Dell Avamar versions 19.4, 19.7, 19.8 and 19.9 can be upgraded to Dell Avamar version 19.10 via the upgrade packages listed in the Affected Products and Remediation table.

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-02-02 | Initial Release |
| 2.0 | 2024-02-14 | Updated for enhanced format presentation with no change to content |
| 3.0 | 2024-02-15 | Updated to include Integrated Data Protection Appliance details |

Article Properties


Affected Product

Avamar, Avamar, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Server, Avamar Virtual Edition, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security Information

Last Published Date

22 Feb 2024

Article Type

Dell Security Advisory