Article Number: 000226456
DSA-2024-279: Security Update for Data Protection Advisor for Multiple Vulnerabilities
Summary: Data Protection Advisor remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
Critical
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| Oracle Java SE (JRE8u411) |
CVE-2024-21892, CVE-2023-41993, CVE-2024-20954, CVE-2024-21098, CVE-2024-21085, CVE-2024-21011, CVE-2024-21068, CVE-2024-21094, CVE-2024-21012, CVE-2024-21003, CVE-2024-21005, CVE-2024-21002, CVE-2024-21004 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
| jackson-databind |
CVE-2020-25649, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004, CVE-2021-46877, CVE-2023-35116 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-28974 | Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-28974 | Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-21892, CVE-2023-41993, CVE-2024-20954, CVE-2024-21098, CVE-2024-21085, CVE-2024-21011, CVE-2024-21068, CVE-2024-21094, CVE-2024-21012, CVE-2024-21003, CVE-2024-21005, CVE-2024-21002, CVE-2024-21004, CVE-2024-28974, CVE-2020-25649, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004, CVE-2021-46877, CVE-2023-35116 |
Dell Protection Advisor | Versions 19.7,19.8,19.9 and 19.10 | Version Data Protection Advisor Agent 19.10 - Build 46 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-21892, CVE-2023-41993, CVE-2024-20954, CVE-2024-21098, CVE-2024-21085, CVE-2024-21011, CVE-2024-21068, CVE-2024-21094, CVE-2024-21012, CVE-2024-21003, CVE-2024-21005, CVE-2024-21002, CVE-2024-21004, CVE-2024-28974, CVE-2020-25649, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004, CVE-2021-46877, CVE-2023-35116 |
Dell Protection Advisor | Versions 19.7,19.8,19.9 and 19.10 | Version Data Protection Advisor Agent 19.10 - Build 46 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
- Dell recommends that you always upgrade to the latest release/version for your product
- IDPA 2.7.6 and prior versions are impacted. Fix will be available in the upcoming IDPA release.
- To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/en-us/.
Revision History
| Revision | Date | Description |
| 1.0 | 2024-06-27 | Initial Release |
| 2.0 | 2024-07-04 | Updated for enhanced format presentation with no change to content |
Related Information
Legal Information
Article Properties
Affected Product
PowerProtect Data Protection Appliance, Data Protection Advisor, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software
, Product Security Information
...
Last Published Date
04 Jul 2024
Article Type
Dell Security Advisory