Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

DSA-2024-092: Flere sikkerhetsproblemer sikkerhetsoppdatering for Dell RecoverPoint for virtuelle maskiner

Summary: Utbedring av Dell RecoverPoint for Virtual Machines er tilgjengelig for flere sikkerhetssårbarheter som ondsinnede brukere kan utnytte for å skade det berørte systemet.

This article applies to   This article does not apply to 
Check out resources for

Impact

Critical

Details

Tredjepartskomponent CVE-er Mer informasjon
Apache Commons FileUpload CVE-2023-24998 Se NVD-lenken nedenfor for poengsum for denne CVE-en. 
https://nvd.nist.gov/vuln/detail/CVE-2023-24998Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
AWS SDK for Java CVE-2022-31159 Se NVD-lenken nedenfor for poengsum for denne CVE-en. 
https://nvd.nist.gov/vuln/detail/CVE-2022-31159Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
azure-storage-blob CVE-2022-30187 Se NVD-lenken nedenfor for poengsum for denne CVE-en.
https://nvd.nist.gov/vuln/detail/CVE-2022-30187Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
GNU C-biblioteket CVE-2009-5029, CVE-2010-4051, CVE-2010-4052, CVE-2011-1071, CVE-2011-1089, CVE-2011-1095, CVE-2011-1658, CVE-2011-1659, CVE-2011-2702, CVE-2011-4609, CVE-2011-5320, CVE-2012-3405, CVE-2011-1658, CVE-2011-1659, CVE-2011-2702, CVE-2011-4609, CVE-2011-5320, CVE-2012-3405, CVE-2011-3405 e-2012-3480, CVE-2012-4412, CVE-2012-4424, CVE-2012-6656, CVE-2013-1914, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788, CVE-2013-7424, CVE-2015-0235 Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. 
http://nvd.nist.gov/Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
H2-databasemotor CVE-2021-23463, CVE-2021-42392, CVE-2022-23221, CVE-2022-45868 Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. 
http://nvd.nist.gov/Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
JSON-java CVE-2022-45688 Se NVD-lenken nedenfor for poengsum for denne CVE-en.
https://nvd.nist.gov/vuln/detail/CVE-2022-45688Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
json-smart CVE-2021-31684 Se NVD-lenken nedenfor for poengsum for denne CVE-en.
https://nvd.nist.gov/vuln/detail/CVE-2021-31684Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
Linux-kjernen CVE-2014-3534, CVE-2014-5077, CVE-2014-5206, CVE-2014-6418, CVE-2014-9940, CVE-2015-8660, CVE-2016-4558, CVE-2016-9777, CVE-2017-1000405, CVE-2017-12146, CVE-2017-17053, CVE-2017-17712, CVE-2017-18202, CVE-2017-6874, CVE-2017-7477, CVE-2018-15471, CVE-2018-18559, CVE-2019-14815, CVE-2019-15917, CVE-2020-12465, CVE-2020-27784, CVE-2020-29369, CVE-2020-35499, CVE-2021-22600, CVE-2021-23133, CVE-2021-29657, CVE-2021-4197, CVE-2022-1651, CVE-2022-1671, CVE-2022-1882, CVE-2022-1943, CVE-2022-1973, CVE-2022-2196, CVE-2022-28796, CVE-2022-28893, CVE-2022-2959, CVE-2022-32250, CVE-2022-3545, CVE-2022-39189, CVE-2022-41222, CVE-2022-4139, CVE-2022-4379, CVE-2022-47518, CVE-2022-47519, CVE-2022-2022 2-47520, CVE-2022-48424, CVE-2023-0045, CVE-2023-0266, CVE-2023-0386, CVE-2023-0461, CVE-2023-1252, CVE-2023-1390, CVE-2023-1652, CVE-2023-1855, CVE-2023-2006, CVE-2023-2008, CVE-2023-2248, CVE-2023-28464, CVE-2023-28466 Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. 
http://nvd.nist.gov/Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
Lua CVE-2020-15888 Se NVD-lenken nedenfor for poengsum for denne CVE-en.
https://nvd.nist.gov/vuln/detail/CVE-2020-15888Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
OpenSSL CVE-2006-7250, CVE-2009-0590, CVE-2009-0591, CVE-2009-0789, CVE-2009-1377, CVE-2009-1378, CVE-2009-1387, CVE-2009-2409, CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740, CVE-2010-0742, CVE-2010-3864, CVE-2010-4180, CVE-2009-4180 e-2010-4252, CVE-2011-0014, CVE-2011-1473, CVE-2011-1945, CVE-2011-3207, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2333, CVE-2012-2686, CVE-2013-0166, CVE-2013-0169, CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0076, CVE-2014-0160, CVE-2014-3569 Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. 
http://nvd.nist.gov/Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
PostgreSQL JDBC-driver (pgjdbc) CVE-2022-21724, CVE-2022-26520, CVE-2022-31197, CVE-2022-41946 Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. 
http://nvd.nist.gov/Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
Spring Framework CVE-2021-22060, CVE-2021-22096, CVE-2021-22118 Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. 
http://nvd.nist.gov/Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
SQLite
 		 CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-5895, CVE-2015-6607, CVE-2016-6153, CVE-2017-10989, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2018-8740, CVE-2019-1188 11, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2019-8457, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. 
http://nvd.nist.gov/Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
Apache Tomcat CVE-2020-9484, CVE-2020-11996, CVE-2022-29885, CVE-2020-17527, CVE-2021-24122, CVE-2021-33037, CVE-2022-22965, CVE-2021-30640, CVE-2022-42252, CVE-2020-13943, CVE-2021-25122, CVE-2020-9494, CVE-2021-25329, CVE-2022-34305, CVE-2020-13934, CVE-2020-13935, CVE-2021-41079, CVE-2022-23181 Se NVD-lenken nedenfor for individuelle poengsummer for hver CVE. 
http://nvd.nist.gov/Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
OpenSSH CVE-2021-28041 Se NVD-lenken nedenfor for individuelle score for CVE. 
http://nvd.nist.gov/Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
SUSE Enterprise Linux-sikkerhetsoppdatering CVE-2017-0386, CVE-2022-3515, CVE-2022-1664, CVE-2022-0529, CVE-2022-0530, CVE-2022-31081, CVE-2022-2795, CVE-2022-38177, CVE-2022-38178, CVE-2022-1292, CVE-2022-2068, CVE-2022-29154, CVE-2022-43680, CVE-2022-31676, CVE-2021-28861, CVE-20222 -2963, CVE-2022-0561, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-0562, CVE-2022-34266, CVE-2022-34526, CVE-2022-31252, CVE-2022-32206, CVE-2022-32208, CVE-2022-29458, CVE-2022-1615, CVE-2021-4203, CVE-2022-20368, CVE-2022-20369, CVE-2022-21385, CVE-2022-1462, CVE-2022-26373, CVE-2022-2639, CVE-2022-29581, CVE-2022-36879, CVE-2022-3028, CVE-2021-36690, CVE-2022-35737, CVE-2015-20107, CVE-2021-43527, CVE-2022-1587, CVE-2022-1587, CVE-2022-3028 -2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746, CVE-2022-24765, CVE-2022-29187, CVE-2022-24903, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2016-3709, CVE-2021-46848, CVE-2022-1586, CVE-2022-21233, CVE-2020-12762, CVE-2022-29869, CVE-2022-40674, CVE-2020-29362, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2020-35538, CVE-2015-8985, CVE-2020-26541 -2022-1012, CVE-2022-1679, CVE-2022-34903, CVE-2022-41848, CVE-2022-39188, CVE-2022-2663, CVE-2022-41218, CVE-2022-41973, CVE-2022-41974, CVE-2022-32221, CVE-2022-40303, CVE-2022-40304, CVE-2022-20132, CVE-2022-20141, CVE-2022-20154, CVE-2022-2318, CVE-2022-26365, CVE-2022-33740, CVE-2022-29900, CVE-2022-29901, CVE-2022-33981, CVE-2021-46828, CVE-2022-2097, CVE-2020-12825, CVE-2022-37434,CVE-2021-20266, CVE-2021-20271, CVE-2021-3421, CVE-2020-21913, CVE-2020-36557, CVE-2020-36558, CVE-2021-33655, CVE-2021-33656, CVE-2022-20166, CVE-2020-20166 22-36946, CVE-2021-3802, CVE-2022-2503, CVE-2022-20008, CVE-2020-36516, CVE-2022-2588, CVE-2022-2977, CVE-2021-4157, CVE-2022-3239 og CVE-2022-3303 Se SuSE-lenken nedenfor for individuelle poengsummer for CVE.
https://www.suse.com/Denne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.

CVE-er for rettighetsbeskyttet kode Beskrivelse CVSS-grunnpoengsum CVSS Vector-streng
CVE-2024-22426 Dell RecoverPoint for Virtual Machines 5.3.x inneholder et sikkerhetsproblem med OS-kommandoinjeksjon. En ekstern
angriper som ikke er autentisert, kan potensielt utnytte dette sikkerhetsproblemet, noe som kan føre til vilkårlige operativsystemkommandoer som kjøres i konteksten til rotbrukeren, slik at systemet blir skadet.		 7,2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HDenne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
CVE-2024-22425 Dell RecoverPoint for Virtual Machines 5.3.x inneholder et sikkerhetsproblem med brute force/dictionary-angrep. En ekstern angriper som ikke er autentisert, kan potensielt utnytte dette sikkerhetsproblemet, noe som kan føre til et brute force-angrep eller et ordlisteangrep mot påloggingsskjemaet RecoverPoint. Dette gjør det mulig for angripere å tvinge passordet til gyldige brukere på en automatisert måte. 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NDenne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
CVE-er for rettighetsbeskyttet kode Beskrivelse CVSS-grunnpoengsum CVSS Vector-streng
CVE-2024-22426 Dell RecoverPoint for Virtual Machines 5.3.x inneholder et sikkerhetsproblem med OS-kommandoinjeksjon. En ekstern
angriper som ikke er autentisert, kan potensielt utnytte dette sikkerhetsproblemet, noe som kan føre til vilkårlige operativsystemkommandoer som kjøres i konteksten til rotbrukeren, slik at systemet blir skadet.		 7,2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HDenne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
CVE-2024-22425 Dell RecoverPoint for Virtual Machines 5.3.x inneholder et sikkerhetsproblem med brute force/dictionary-angrep. En ekstern angriper som ikke er autentisert, kan potensielt utnytte dette sikkerhetsproblemet, noe som kan føre til et brute force-angrep eller et ordlisteangrep mot påloggingsskjemaet RecoverPoint. Dette gjør det mulig for angripere å tvinge passordet til gyldige brukere på en automatisert måte. 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NDenne hyperkoblingen tar deg til et nettsted utenfor Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Produkt Berørte versjoner Utbedrede versjoner Kobling
RecoverPoint for virtuelle maskiner Versjon 5.3 SP2, 5.3 SP2 P1, 5.3 SP2 P2, 5.3 SP2 P4, 5.3 SP3 P1 og 5.3 SP3 P2 Versjon 5.3.4.0 eller nyere https://www.dell.com/support/home/product-support/product/recoverpoint-for-virtual-machines/drivers
Produkt Berørte versjoner Utbedrede versjoner Kobling
RecoverPoint for virtuelle maskiner Versjon 5.3 SP2, 5.3 SP2 P1, 5.3 SP2 P2, 5.3 SP2 P4, 5.3 SP3 P1 og 5.3 SP3 P2 Versjon 5.3.4.0 eller nyere https://www.dell.com/support/home/product-support/product/recoverpoint-for-virtual-machines/drivers
Tabellen Berørte produkter og utbedring ovenfor er kanskje ikke en fullstendig liste over alle berørte støttede versjoner, og kan oppdateres etter hvert som mer informasjon blir tilgjengelig.

Dell anbefaler at du alltid oppgraderer til den nyeste versjonen/versjonen for produktet ditt

Revision History

RevisjonDatoBeskrivelse
1.02024-02-16Første lansering
2.02024-07-18Oppdatert for forbedret presentasjon uten endringer i innhold.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

RecoverPoint for Virtual Machines