DSA-2024-092: Sikkerhedsopdatering til Dell RecoverPoint for Virtual Machines Flere sårbarheder
Summary: Dell RecoverPoint for Virtual Machines-afhjælpning er tilgængelig for flere sikkerhedssårbarheder, der kan udnyttes af ondsindede brugere til at kompromittere det berørte system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Tredjepartskomponent | CVE'er | Yderligere oplysninger |
|---|---|---|
| Apache Commons-filupload | CVE-2023-24998 | Se NVD-linket nedenfor for score for denne CVE. https://nvd.nist.gov/vuln/detail/CVE-2023-24998  |
| AWS SDK til Java | CVE-2022-31159 | Se NVD-linket nedenfor for score for denne CVE. https://nvd.nist.gov/vuln/detail/CVE-2022-31159 |
| azure-storage-blob | CVE-2022-30187 | Se NVD-linket nedenfor for score for denne CVE. https://nvd.nist.gov/vuln/detail/CVE-2022-30187 |
| GNU C-bibliotek | CVE-2009-5029, CVE-2010-4051, CVE-2010-4052, CVE-2011-1071, CVE-2011-1089, CVE-2011-1095, CVE-2011-1658, CVE-2011-1659, CVE-2011-2702, CVE-2011-4609, CVE-2011-5320, CVE-2012-3405, CVE e-2012-3480, CVE-2012-4412, CVE-2012-4424, CVE-2012-6656, CVE-2013-1914, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788, CVE-2013-7424, CVE-2015-0235 | Se NVD-linket nedenfor for individuelle scorer for hver CVE. http://nvd.nist.gov/ |
| H2-databaseprogram | CVE-2021-23463, CVE-2021-42392, CVE-2022-23221, CVE-2022-45868 | Se NVD-linket nedenfor for individuelle scorer for hver CVE. http://nvd.nist.gov/ |
| JSON-java | CVE-2022-45688 | Se NVD-linket nedenfor for score for denne CVE. https://nvd.nist.gov/vuln/detail/CVE-2022-45688 |
| JSON-Smart | CVE-2021-31684 | Se NVD-linket nedenfor for score for denne CVE. https://nvd.nist.gov/vuln/detail/CVE-2021-31684 |
| Linux-kerne | CVE-2014-3534, CVE-2014-5077, CVE-2014-5206, CVE-2014-6418, CVE-2014-9940, CVE-2015-8660, CVE-2016-4558, CVE-2016-9777, CVE-2017-1000405, CVE-2017-12146, CVE-2017-17053, CVE-2017-17712, CVE-2017-18202, CVE-2017-6874, CVE-2017-7477, CVE-2018-15471, CVE-2018-18559, CVE-2019-14815, CVE-2019-15917, CVE-2020-12465, CVE-2020-27784, CVE-2020-29369, CVE-2020-35499, CVE-2021-22600, CVE-2021-23133, CVE-2021-29657, CVE-2021-4197, CVE-2022-1651, CVE-2022-1671, CVE-2022-1882, CVE-2022-1943, CVE-2022-1973, CVE-2022-2196, CVE-2022-28796, CVE-2022-28893, CVE-2022-2959, CVE-2022-32250, CVE-2022-3545, CVE-2022-39189, CVE-2022-41222, CVE-2022-4139, CVE-2022-4379, CVE-2022-47518, CVE-2022-47519, CVE-2022-47519, CVE-2022-47519, CVE-202022-41222 2-47520, CVE-2022-48424, CVE-2023-0045, CVE-2023-0266, CVE-2023-0386, CVE-2023-0461, CVE-2023-1252, CVE-2023-1390, CVE-2023-1652, CVE-2023-1855, CVE-2023-2006, CVE-2023-2008, CVE-2023-2248, CVE-2023-28464, CVE-2023-28466 | Se NVD-linket nedenfor for individuelle scorer for hver CVE. http://nvd.nist.gov/ |
| Lua | CVE-2020-15888 | Se NVD-linket nedenfor for score for denne CVE. https://nvd.nist.gov/vuln/detail/CVE-2020-15888 |
| OpenSSL | CVE-2006-7250, CVE-2009-0590, CVE-2009-0591, CVE-2009-0789, CVE-2009-1377, CVE-2009-1378, CVE-2009-1387, CVE-2009-2409, CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740, CVE-2010-0742, CVE-2010-3864, CVE-2010-4180, CVE-2010-3864, CVE-2010-4180, CVE-2010-4355, CVE-2010-0433, CVE-2010-0740, CVE-2010-0742, CVE-2010-3864, CVE-2010-4180, CVE-2010-4355, CVE-2010-04333, CVE-2010-0740, CVE-2010-0742, CVE-2010-3864, CVE-2010-4180, CVE-2009-3245, CVE-2010-3555, CVE-2010-0433, CVE-2010-0740, CVE-2010-0740, CVE-2010-3864, CVE-2010-4180, CVE-2009-3245, CVE-2010-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740, CVE-2010-0740, CVE-2010-3864, CVE-2010-4180, CVE-2009-3245, CVE-2010-3555, CVE-2010-0433, CVE-2e-2010-4252, CVE-2011-0014, CVE-2011-1473, CVE-2011-1945, CVE-2011-3207, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2333, CVE-2012-2686, CVE-2013-0166, CVE-2013-0169, CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0076, CVE-2014-0160, CVE-2014-3569 | Se NVD-linket nedenfor for individuelle scorer for hver CVE. http://nvd.nist.gov/ |
| PostgreSQL JDBC-driver (pgjdbc) | CVE-2022-21724, CVE-2022-26520, CVE-2022-31197, CVE-2022-41946 | Se NVD-linket nedenfor for individuelle scorer for hver CVE. http://nvd.nist.gov/ |
| Forår rammer | CVE-2021-22060, CVE-2021-22096, CVE-2021-22118 | Se NVD-linket nedenfor for individuelle scorer for hver CVE. http://nvd.nist.gov/ |
| SQLite |
CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-5895, CVE-2015-6607, CVE-2016-6153, CVE-2017-10989, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2018-8740, CVE-2019-11888 11, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2019-8457, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 | Se NVD-linket nedenfor for individuelle scorer for hver CVE. http://nvd.nist.gov/ |
| Apache Tomcat | CVE-2020-9484, CVE-2020-11996, CVE-2022-29885, CVE-2020-17527, CVE-2021-24122, CVE-2021-33037, CVE-2022-22965, CVE-2021-30640, CVE-2022-42252, CVE-2020-13943, CVE-2021-25122, CVE-2020-9494, CVE-2021-25329, CVE-2022-34305, CVE-2020-13934, CVE-2020-13935, CVE-2021-41079, CVE-2022-23181 | Se NVD-linket nedenfor for individuelle scorer for hver CVE. http://nvd.nist.gov/ |
| OpenSSH | CVE-2021-28041 | Se NVD-linket nedenfor for individuelle scorer for CVE. http://nvd.nist.gov/ |
| Sikkerhedsopdatering til SUSE Enterprise Linux | CVE-2017-0386, CVE-2022-3515, CVE-2022-1664, CVE-2022-0529, CVE-2022-0530, CVE-2022-31081, CVE-2022-2795, CVE-2022-38177, CVE-2022-38178, CVE-2022-1292, CVE-2022-2068, CVE-2022-29154, CVE-2022-43680, CVE-2022-31676, CVE-2021-28861, CVE-20222 -2963, CVE-2022-0561, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-0562, CVE-2022-34266, CVE-2022-34526, CVE-2022-31252, CVE-2022-32206, CVE-2022-32208, CVE-2022-29458, CVE-2022-1615, CVE-2021-4203, CVE-2022-20368, CVE-2022-20369, CVE-2022-21385, CVE-2022-1462, CVE-2022-26373, CVE-2022-2639, CVE-2022-29581, CVE-2022-36879, CVE-2022-3028, CVE-2021-36690, CVE-2022-35737, CVE-2015-20107, CVE-2021-43527, CVE-2022-1587, CVE-2022-3687, CVE-2022-3028, CVE-2021-36690, CVE-2022-35737, CVE-2015-20107, CVE-2021-43527, CVE-2022-1587, CVE-2022-36879, CVE-2022-3028, CVE-2021-36690, CVE-2022-35737, CVE-2015-20107, CVE-2021-43527, CVE-2022-1587, CVE-2022-36879, CVE-2022-3028, CVE-2021-36690, CVE-2022-35737, CVE-2015-20107, CVE-2021-43527, CVE-2022-1587, CVE-2022-36879, CVE-2022-3028, CVE-2021-36690, CVE-2022-35737, CVE-2022-1587, CVE-2022-36699, CVE-2022-3028, CVE-2021-36690, CVE-2022-35737, CVE-2022--2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746, CVE-2022-24765, CVE-2022-29187, CVE-2022-24903, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2016-3709, CVE-2021-46848, CVE-2022-1586, CVE-2022-21233, CVE-2020-12762, CVE-2022-29869, CVE-2022-40674, CVE-2020-29362, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2020-35538, CVE-2015-8985, CVE-2020-26541, CVE-2022-2020-26541, CVE-2022-21541, CVE-2022-21541, CVE-2020-35538, CVE-2015-8985, CVE-2020-26541, CVE-201540, CVE-2020-26541, CVE-2022-21541, CVE-2020-35538, CVE-201549, CVE-2020-35538, CVE-2015-8985, CVE-2020-26541, CVE-201540, CVE-2022-21541, CVE-2020-35538, CVE-2015169, CVE-2020-35538, CVE-2015-8985, CVE-2020-26541, CVE-201540, CVE-2022-21541, CVE-2022-34169, CVE-2020-35538, CVE-2015-8985, CVE-2020-26541, CVE-201540, CVE-2022-21541, CVE-20202-35538, CVE-2022-34169, CVE-20-2022-1012, CVE-2022-1679, CVE-2022-34903, CVE-2022-41848, CVE-2022-39188, CVE-2022-2663, CVE-2022-41218, CVE-2022-41973, CVE-2022-41974, CVE-2022-32221, CVE-2022-40303, CVE-2022-40304, CVE-2022-20132, CVE-2022-20141, CVE-2022-20154, CVE-2022-2318, CVE-2022-26365, CVE-2022-33740, CVE-2022-29900, CVE-2022-29901, CVE-2022-33981, CVE-2021-46828, CVE-2022-2097, CVE-2020-12825, CVE-2022-37434,CVE-2021-20266, CVE-2021-20271, CVE-2021-3421, CVE-2020-21913, CVE-2020-36557, CVE-2020-36558, CVE-2021-33655, CVE-2021-33656, CVE-2022-20166, CVE-202021-2021 22-36946, CVE-2021-3802, CVE-2022-2503, CVE-2022-20008, CVE-2020-36516, CVE-2022-2588, CVE-2022-2977, CVE-2021-4157, CVE-2022-3239, CVE-2022-3303 | Se SuSE-linket nedenfor for individuelle scorer for CVE. https://www.suse.com/ |
| Navnebeskyttede CVE-koder | Beskrivelse | CVSS Basisscore | CVSS Vektorstreng |
|---|---|---|---|
| CVE-2024-22426 | Dell RecoverPoint for Virtual Machines 5.3.x indeholder en sikkerhedsrisiko i forbindelse med indsættelse af operativsystemkommandoer. En ikke-godkendt fjernangriber kan potentielt udnytte denne sårbarhed, hvilket fører til udførelse af vilkårlige operativsystemkommandoer, som udføres i rodbrugerens kontekst, hvilket resulterer i en komplet systemkompromittering. |
7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-22425 | Dell RecoverPoint for Virtual Machines 5.3.x indeholder en sikkerhedsrisiko mod brute force/ordbogsangreb. En ikke-godkendt fjernangriber kan potentielt udnytte denne sårbarhed, hvilket fører til at starte et brute force-angreb eller et ordbogsangreb mod RecoverPoint-loginformularen. Dette gør det muligt for angribere at brute-force adgangskoden til gyldige brugere på en automatiseret måde. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| Navnebeskyttede CVE-koder | Beskrivelse | CVSS Basisscore | CVSS Vektorstreng |
|---|---|---|---|
| CVE-2024-22426 | Dell RecoverPoint for Virtual Machines 5.3.x indeholder en sikkerhedsrisiko i forbindelse med indsættelse af operativsystemkommandoer. En ikke-godkendt fjernangriber kan potentielt udnytte denne sårbarhed, hvilket fører til udførelse af vilkårlige operativsystemkommandoer, som udføres i rodbrugerens kontekst, hvilket resulterer i en komplet systemkompromittering. |
7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-22425 | Dell RecoverPoint for Virtual Machines 5.3.x indeholder en sikkerhedsrisiko mod brute force/ordbogsangreb. En ikke-godkendt fjernangriber kan potentielt udnytte denne sårbarhed, hvilket fører til at starte et brute force-angreb eller et ordbogsangreb mod RecoverPoint-loginformularen. Dette gør det muligt for angribere at brute-force adgangskoden til gyldige brugere på en automatiseret måde. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Affected Products & Remediation
| Produkt | Berørte versioner | Afhjælpede versioner | Link |
|---|---|---|---|
| RecoverPoint for Virtual Machines | Version 5.3 SP2, 5.3 SP2 P1, 5.3 SP2 P2, 5.3 SP2 P4, 5.3 SP3 P1 og 5.3 SP3 P2 | Version 5.3.4.0 eller nyere | https://www.dell.com/support/home/product-support/product/recoverpoint-for-virtual-machines/drivers |
| Produkt | Berørte versioner | Afhjælpede versioner | Link |
|---|---|---|---|
| RecoverPoint for Virtual Machines | Version 5.3 SP2, 5.3 SP2 P1, 5.3 SP2 P2, 5.3 SP2 P4, 5.3 SP3 P1 og 5.3 SP3 P2 | Version 5.3.4.0 eller nyere | https://www.dell.com/support/home/product-support/product/recoverpoint-for-virtual-machines/drivers |
Tabellen Berørte produkter og afhjælpning ovenfor er muligvis ikke en udtømmende liste over alle berørte understøttede versioner og kan blive opdateret, efterhånden som flere oplysninger bliver tilgængelige.
Dell anbefaler, at du altid opgraderer til den nyeste version/version af dit produkt
Dell anbefaler, at du altid opgraderer til den nyeste version/version af dit produkt
Revision History
| Revision | Dato | Beskrivelse |
|---|---|---|
| 1.0 | 2024-02-16 | Første version |
| 2.0 | 2024-07-18 | Opdateret til forbedret præsentation uden ændringer af indholdet. |
Related Information
Legal Disclaimer
Affected Products
RecoverPoint for Virtual MachinesArticle Properties
Article Number: 000222133
Article Type: Dell Security Advisory
Last Modified: 19 Jul 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.