Article Number: 000225088
DSA-2024-192: Security Update for Data Protection Advisor and PowerProtect DP Series Appliance (IDPA) for Multiple Vulnerabilities
Summary: Data Protection Advisor and PowerProtect DP Series Appliance (IDPA) remediation is available for multiple third-party vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
Article Content
Impact
High
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| Oracle Java SE (JRE8u401) |
CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-28974 | Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-28974 | Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
Affected Products and Remediation
| CVE(s) Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952, CVE-2024-28974 |
Dell Protection Advisor | Versions 19.5 through 19.9 | Data Protection Advisor Agent 19.9 Build B120 or later | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952, CVE-2024-28974 | PowerProtect DP Series Appliance (IDPA) | Version 2.7.6 and prior | Version 2.7.6 with Data Protection Advisor Agent 19.9 Build B120 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| CVE(s) Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952, CVE-2024-28974 |
Dell Protection Advisor | Versions 19.5 through 19.9 | Data Protection Advisor Agent 19.9 Build B120 or later | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952, CVE-2024-28974 | PowerProtect DP Series Appliance (IDPA) | Version 2.7.6 and prior | Version 2.7.6 with Data Protection Advisor Agent 19.9 Build B120 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
Revision History
| Revision | Date | Description |
| 1.0 | 2024-05-15 | Initial Release |
| 2.0 | 2024-05-27 | Added CVE-2024-28974 to "PROPRIERTARY CODE" as well as "AFFECTED PRODUCTS AND REMEDIATION" section. |
| 3.0 | 2024-05-28 | Updated for enhanced format presentation with no change to content |
Related Information
Legal Information
Article Properties
Affected Product
Data Protection Advisor, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security Information
Last Published Date
28 May 2024
Article Type
Dell Security Advisory