Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

DSA-2024-280: Security Update for Dell Avamar and Dell Avamar Virtual Edition Multiple Security Vulnerabilities.

Summary: Dell Avamar and Dell Avamar Virtual Edition remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to   This article does not apply to 
Check out resources for

Impact

Critical

Details

Third-party Component CVEs More Information
Apache Ant CVE-2020-11979, CVE-2021-36374 See NVD link below for individual scores for each CVE. 
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Apache Struts CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164 See NVD link below for individual scores for each CVE. 
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server CVE-2023-41900 See NVD link below for individual scores for each CVE. 
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
SnakeYAML CVE-2017-18640 See NVD link below for individual scores for each CVE. 
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed

 Product Software/Firmware Affected Version(s) Remediated Version Link
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Dell Avamar Data Store Gen5A, Gen4T Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/KYC7K_Avamar-19.10-SP1-for-Server-and-AVE-Upgrades.avp
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for VMware ESXi and vSphere Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/NRDN1_Avamar-19.10-SP1-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for VMware vSphere only Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/V0RPW_Avamar-19.10-SP1-Virtual-Edition-for-VMware-vSphere-only.ova
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for Hyper-V 2012 Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/X59J2_Avamar-19.10-SP1-Virtual-Edition-for-Hyper-V-2012.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/163H4_Avamar-19.10-SP1-Virtual-Edition-for-Hyper-V-2012R2,-Hyper-V-2016,-and-Hyper-V-2019.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for KVM/Open Stack KVM Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/D3F1V_Avamar-19.10-SP1-Virtual-Edition-for-KVM-OpenStack-KVM.7z

CVEs Addressed

 Product Software/Firmware Affected Version(s) Remediated Version Link
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Dell Avamar Data Store Gen5A, Gen4T Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/KYC7K_Avamar-19.10-SP1-for-Server-and-AVE-Upgrades.avp
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for VMware ESXi and vSphere Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/NRDN1_Avamar-19.10-SP1-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for VMware vSphere only Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/V0RPW_Avamar-19.10-SP1-Virtual-Edition-for-VMware-vSphere-only.ova
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for Hyper-V 2012 Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/X59J2_Avamar-19.10-SP1-Virtual-Edition-for-Hyper-V-2012.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/163H4_Avamar-19.10-SP1-Virtual-Edition-for-Hyper-V-2012R2,-Hyper-V-2016,-and-Hyper-V-2019.7z
CVE-2020-11979, CVE-2021-36374, CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164, CVE-2023-41900, CVE-2017-18640 Avamar Virtual Edition for KVM/Open Stack KVM Dell Avamar operating system Versions 19.4, 19.7,19.8,19.9 and 19.10 Avamar 19.10 SP1 https://dl.dell.com/downloads/D3F1V_Avamar-19.10-SP1-Virtual-Edition-for-KVM-OpenStack-KVM.7z
  • The CVEs remedied by this security update are listed.  The list not only have the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.
  • The OS Rollup 2024 R1 CVE are also remediated by this release. DSA-2024-198
  • Dell recommends that you always upgrade to the latest release/version for your product.
  • IDPA 2.7.6 and prior versions are impacted. Fix will be available in the upcoming IDPA release.
  • To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/product-support/product/avamar/drivers

Revision History

Revision DateDescription
1.02024-06-26 Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Avamar, Avamar, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Server, Avamar Virtual Edition, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security Information
Article Properties
Article Number: 000226407
Article Type: Dell Security Advisory
Last Modified: 26 Jun 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.
Article Properties
Article Number: 000226407
Article Type: Dell Security Advisory
Last Modified: 26 Jun 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.