DSA-2024-092: Flere sikkerhetsproblemer sikkerhetsoppdatering for Dell RecoverPoint for virtuelle maskiner
Summary: Utbedring av Dell RecoverPoint for Virtual Machines er tilgjengelig for flere sikkerhetssårbarheter som ondsinnede brukere kan utnytte for å skade det berørte systemet.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Tredjepartskomponent | CVE-er | Mer informasjon |
|---|---|---|
| Apache Commons FileUpload | CVE-2023-24998 | Se NVD-lenken nedenfor for poengsum for denne CVE-en. https://nvd.nist.gov/vuln/detail/CVE-2023-24998  |
| AWS SDK for Java | CVE-2022-31159 | Se NVD-lenken nedenfor for poengsum for denne CVE-en. https://nvd.nist.gov/vuln/detail/CVE-2022-31159 |
| azure-storage-blob | CVE-2022-30187 | Se NVD-lenken nedenfor for poengsum for denne CVE-en. https://nvd.nist.gov/vuln/detail/CVE-2022-30187 |
| GNU C-biblioteket | CVE-2009-5029, CVE-2010-4051, CVE-2010-4052, CVE-2011-1071, CVE-2011-1089, CVE-2011-1095, CVE-2011-1658, CVE-2011-1659, CVE-2011-2702, CVE-2011-4609, CVE-2011-5320, CVE-2012-3405, CVE-2011-1658, CVE-2011-1659, CVE-2011-2702, CVE-2011-4609, CVE-2011-5320, CVE-2012-3405, CVE-2011-3405 e-2012-3480, CVE-2012-4412, CVE-2012-4424, CVE-2012-6656, CVE-2013-1914, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788, CVE-2013-7424, CVE-2015-0235 | Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. http://nvd.nist.gov/ |
| H2-databasemotor | CVE-2021-23463, CVE-2021-42392, CVE-2022-23221, CVE-2022-45868 | Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. http://nvd.nist.gov/ |
| JSON-java | CVE-2022-45688 | Se NVD-lenken nedenfor for poengsum for denne CVE-en. https://nvd.nist.gov/vuln/detail/CVE-2022-45688 |
| json-smart | CVE-2021-31684 | Se NVD-lenken nedenfor for poengsum for denne CVE-en. https://nvd.nist.gov/vuln/detail/CVE-2021-31684 |
| Linux-kjernen | CVE-2014-3534, CVE-2014-5077, CVE-2014-5206, CVE-2014-6418, CVE-2014-9940, CVE-2015-8660, CVE-2016-4558, CVE-2016-9777, CVE-2017-1000405, CVE-2017-12146, CVE-2017-17053, CVE-2017-17712, CVE-2017-18202, CVE-2017-6874, CVE-2017-7477, CVE-2018-15471, CVE-2018-18559, CVE-2019-14815, CVE-2019-15917, CVE-2020-12465, CVE-2020-27784, CVE-2020-29369, CVE-2020-35499, CVE-2021-22600, CVE-2021-23133, CVE-2021-29657, CVE-2021-4197, CVE-2022-1651, CVE-2022-1671, CVE-2022-1882, CVE-2022-1943, CVE-2022-1973, CVE-2022-2196, CVE-2022-28796, CVE-2022-28893, CVE-2022-2959, CVE-2022-32250, CVE-2022-3545, CVE-2022-39189, CVE-2022-41222, CVE-2022-4139, CVE-2022-4379, CVE-2022-47518, CVE-2022-47519, CVE-2022-2022 2-47520, CVE-2022-48424, CVE-2023-0045, CVE-2023-0266, CVE-2023-0386, CVE-2023-0461, CVE-2023-1252, CVE-2023-1390, CVE-2023-1652, CVE-2023-1855, CVE-2023-2006, CVE-2023-2008, CVE-2023-2248, CVE-2023-28464, CVE-2023-28466 | Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. http://nvd.nist.gov/ |
| Lua | CVE-2020-15888 | Se NVD-lenken nedenfor for poengsum for denne CVE-en. https://nvd.nist.gov/vuln/detail/CVE-2020-15888 |
| OpenSSL | CVE-2006-7250, CVE-2009-0590, CVE-2009-0591, CVE-2009-0789, CVE-2009-1377, CVE-2009-1378, CVE-2009-1387, CVE-2009-2409, CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740, CVE-2010-0742, CVE-2010-3864, CVE-2010-4180, CVE-2009-4180 e-2010-4252, CVE-2011-0014, CVE-2011-1473, CVE-2011-1945, CVE-2011-3207, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2333, CVE-2012-2686, CVE-2013-0166, CVE-2013-0169, CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0076, CVE-2014-0160, CVE-2014-3569 | Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. http://nvd.nist.gov/ |
| PostgreSQL JDBC-driver (pgjdbc) | CVE-2022-21724, CVE-2022-26520, CVE-2022-31197, CVE-2022-41946 | Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. http://nvd.nist.gov/ |
| Spring Framework | CVE-2021-22060, CVE-2021-22096, CVE-2021-22118 | Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. http://nvd.nist.gov/ |
| SQLite |
CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-5895, CVE-2015-6607, CVE-2016-6153, CVE-2017-10989, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2018-8740, CVE-2019-1188 11, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2019-8457, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 | Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. http://nvd.nist.gov/ |
| Apache Tomcat | CVE-2020-9484, CVE-2020-11996, CVE-2022-29885, CVE-2020-17527, CVE-2021-24122, CVE-2021-33037, CVE-2022-22965, CVE-2021-30640, CVE-2022-42252, CVE-2020-13943, CVE-2021-25122, CVE-2020-9494, CVE-2021-25329, CVE-2022-34305, CVE-2020-13934, CVE-2020-13935, CVE-2021-41079, CVE-2022-23181 | Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. http://nvd.nist.gov/ |
| OpenSSH | CVE-2021-28041 | Se NVD-lenken nedenfor for individuelle score for CVE. http://nvd.nist.gov/ |
| SUSE Enterprise Linux-sikkerhetsoppdatering | CVE-2017-0386, CVE-2022-3515, CVE-2022-1664, CVE-2022-0529, CVE-2022-0530, CVE-2022-31081, CVE-2022-2795, CVE-2022-38177, CVE-2022-38178, CVE-2022-1292, CVE-2022-2068, CVE-2022-29154, CVE-2022-43680, CVE-2022-31676, CVE-2021-28861, CVE-20222 -2963, CVE-2022-0561, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-0562, CVE-2022-34266, CVE-2022-34526, CVE-2022-31252, CVE-2022-32206, CVE-2022-32208, CVE-2022-29458, CVE-2022-1615, CVE-2021-4203, CVE-2022-20368, CVE-2022-20369, CVE-2022-21385, CVE-2022-1462, CVE-2022-26373, CVE-2022-2639, CVE-2022-29581, CVE-2022-36879, CVE-2022-3028, CVE-2021-36690, CVE-2022-35737, CVE-2015-20107, CVE-2021-43527, CVE-2022-1587, CVE-2022-1587, CVE-2022-3028 -2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746, CVE-2022-24765, CVE-2022-29187, CVE-2022-24903, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2016-3709, CVE-2021-46848, CVE-2022-1586, CVE-2022-21233, CVE-2020-12762, CVE-2022-29869, CVE-2022-40674, CVE-2020-29362, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2020-35538, CVE-2015-8985, CVE-2020-26541 -2022-1012, CVE-2022-1679, CVE-2022-34903, CVE-2022-41848, CVE-2022-39188, CVE-2022-2663, CVE-2022-41218, CVE-2022-41973, CVE-2022-41974, CVE-2022-32221, CVE-2022-40303, CVE-2022-40304, CVE-2022-20132, CVE-2022-20141, CVE-2022-20154, CVE-2022-2318, CVE-2022-26365, CVE-2022-33740, CVE-2022-29900, CVE-2022-29901, CVE-2022-33981, CVE-2021-46828, CVE-2022-2097, CVE-2020-12825, CVE-2022-37434,CVE-2021-20266, CVE-2021-20271, CVE-2021-3421, CVE-2020-21913, CVE-2020-36557, CVE-2020-36558, CVE-2021-33655, CVE-2021-33656, CVE-2022-20166, CVE-2020-20166 22-36946, CVE-2021-3802, CVE-2022-2503, CVE-2022-20008, CVE-2020-36516, CVE-2022-2588, CVE-2022-2977, CVE-2021-4157, CVE-2022-3239 og CVE-2022-3303 | Se SuSE-lenken nedenfor for individuelle poengsummer for CVE. https://www.suse.com/ |
| CVE-er for rettighetsbeskyttet kode | Beskrivelse | CVSS-grunnpoengsum | CVSS Vector-streng |
|---|---|---|---|
| CVE-2024-22426 | Dell RecoverPoint for Virtual Machines 5.3.x inneholder et sikkerhetsproblem med OS-kommandoinjeksjon. En ekstern angriper som ikke er autentisert, kan potensielt utnytte dette sikkerhetsproblemet, noe som kan føre til vilkårlige operativsystemkommandoer som kjøres i konteksten til rotbrukeren, slik at systemet blir skadet. |
7,2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-22425 | Dell RecoverPoint for Virtual Machines 5.3.x inneholder et sikkerhetsproblem med brute force/dictionary-angrep. En ekstern angriper som ikke er autentisert, kan potensielt utnytte dette sikkerhetsproblemet, noe som kan føre til et brute force-angrep eller et ordlisteangrep mot påloggingsskjemaet RecoverPoint. Dette gjør det mulig for angripere å tvinge passordet til gyldige brukere på en automatisert måte. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| CVE-er for rettighetsbeskyttet kode | Beskrivelse | CVSS-grunnpoengsum | CVSS Vector-streng |
|---|---|---|---|
| CVE-2024-22426 | Dell RecoverPoint for Virtual Machines 5.3.x inneholder et sikkerhetsproblem med OS-kommandoinjeksjon. En ekstern angriper som ikke er autentisert, kan potensielt utnytte dette sikkerhetsproblemet, noe som kan føre til vilkårlige operativsystemkommandoer som kjøres i konteksten til rotbrukeren, slik at systemet blir skadet. |
7,2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-22425 | Dell RecoverPoint for Virtual Machines 5.3.x inneholder et sikkerhetsproblem med brute force/dictionary-angrep. En ekstern angriper som ikke er autentisert, kan potensielt utnytte dette sikkerhetsproblemet, noe som kan føre til et brute force-angrep eller et ordlisteangrep mot påloggingsskjemaet RecoverPoint. Dette gjør det mulig for angripere å tvinge passordet til gyldige brukere på en automatisert måte. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Affected Products & Remediation
| Produkt | Berørte versjoner | Utbedrede versjoner | Kobling |
|---|---|---|---|
| RecoverPoint for virtuelle maskiner | Versjon 5.3 SP2, 5.3 SP2 P1, 5.3 SP2 P2, 5.3 SP2 P4, 5.3 SP3 P1 og 5.3 SP3 P2 | Versjon 5.3.4.0 eller nyere | https://www.dell.com/support/home/product-support/product/recoverpoint-for-virtual-machines/drivers |
| Produkt | Berørte versjoner | Utbedrede versjoner | Kobling |
|---|---|---|---|
| RecoverPoint for virtuelle maskiner | Versjon 5.3 SP2, 5.3 SP2 P1, 5.3 SP2 P2, 5.3 SP2 P4, 5.3 SP3 P1 og 5.3 SP3 P2 | Versjon 5.3.4.0 eller nyere | https://www.dell.com/support/home/product-support/product/recoverpoint-for-virtual-machines/drivers |
Tabellen Berørte produkter og utbedring ovenfor er kanskje ikke en fullstendig liste over alle berørte støttede versjoner, og kan oppdateres etter hvert som mer informasjon blir tilgjengelig.
Dell anbefaler at du alltid oppgraderer til den nyeste versjonen/versjonen for produktet ditt
Dell anbefaler at du alltid oppgraderer til den nyeste versjonen/versjonen for produktet ditt
Revision History
| Revisjon | Dato | Beskrivelse |
|---|---|---|
| 1.0 | 2024-02-16 | Første lansering |
| 2.0 | 2024-07-18 | Oppdatert for forbedret presentasjon uten endringer i innhold. |
Related Information
Legal Disclaimer
Affected Products
RecoverPoint for Virtual MachinesArticle Properties
Article Number: 000222133
Article Type: Dell Security Advisory
Last Modified: 19 Jul 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.