Passer au contenu principal
  • Passer des commandes rapidement et facilement
  • Afficher les commandes et suivre l’état de votre expédition
  • Profitez de récompenses et de remises réservées aux membres
  • Créez et accédez à une liste de vos produits

DSA-2023-416: Security Update for Dell PowerProtect DP Series Appliance (IDPA) Infrastructure for Multiple Vulnerabilities.

Résumé: Dell PowerProtect DP Series Appliance (IDPA) remediation is available for multiple security vulnerabilities in Infrastructure that could be exploited by malicious users to compromise the affected system. ...

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.

Impact

Critical

Détails

Third-party Component

CVEs

More Information

VMWare (Hypervisor and Hypervisor Manager) 

CVE-2023-38408, CVE-2021-36368, CVE-2023-20892, CVE-2023-20893, CVE-2023-2089 , CVE-2023-20895, CVE-2023-20896, CVE-2022-22982, CVE-2022-31696, CVE-2022-31699, CVE-2021-21972, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373, CVE-2022-31681, CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050, CVE-2022-22948, CVE-2023-34048, CVE-2023-34056, CVE-2023-20894 

See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

Dell iDRAC 

CVE-2022-34435 

DSA-2022-265

OpenSSL

CVE-2023-0215, CVE-2022-2068, CVE-2022-1292 

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Oracle Java 

CVE-2023-21835, CVE-2023-21830, CVE-2023-21843, CVE-2022-39399, CVE-2022-34169, CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-21624, CVE-2022-21619, CVE-2022-21541, CVE-2022-21540, CVE-2022-21549, CVE‑2022‑39399, CVE‑2022‑34169, CVE‑2022‑21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-21624, CVE-2022-21619, CVE-2022-21541, CVE-2022-21540, CVE-2022-21549

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

OpenLDAP

CVE-1999-0385 

https://nvd.nist.gov/vuln/detail/CVE-1999-0385 This hyperlink is taking you to a website outside of Dell Technologies.

OpenSSH

CVE-2008-5161 

https://www.suse.com/security/cve/CVE-2008-5161.htmlThis hyperlink is taking you to a website outside of Dell Technologies.

Apache Tomcat 

CVE-2022-45143, CVE-2022-42252, CVE-2022-34305, CVE-2022-29885, CVE-2021-43980, CVE-2021-30640 

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

Grub2 

CVE-2022-2601, CVE-2022-3775, CVE-2021-3695, CVE-2021- 3696, CVE-2021-3697, CVE-2021-3981 

See NVD link below for individual scores for each CVE.  
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Apache Log4j 

CVE-2021-44228, CVE-2021-45046 

Apache Log4j Remote Code ExecutionThis hyperlink is taking you to a website outside of Dell Technologies.

Erlang 

CVE-2022-37026 

https://nvd.nist.gov/vuln/detail/CVE-2022-37026This hyperlink is taking you to a website outside of Dell Technologies.

SUSE 

CVE-2022-0413, CVE-2022-0318, CVE-2021-4019, CVE-2022-2284, CVE-2022-0361, CVE-2022-1679, CVE-2020-0452, CVE-2022-1652, CVE-2022-1619, CVE-2022-0492, CVE-2022-0359, CVE-2017-17095, CVE-2022-24903, CVE-2022-2207, CVE-2022-1927, CVE-2022-2304, CVE-2021-4197, CVE-2022-27239, CVE-2022-1304, CVE-2022-2129, CVE-2022-2264, CVE-2022-29155, CVE-2022-2124, CVE-2022-0261, CVE-2022-1851, CVE-2022-2126, CVE-2022-2183, CVE-2022-1720, CVE-2021-4157, CVE-2022-2344, CVE-2020-35523, CVE-2021-3927, CVE-2022-2175, CVE-2021-4069, CVE-2021-4192, CVE-2022-23219, CVE-2021-4136, CVE-2021-4202, CVE-2022-0407, CVE-2022-1381, CVE-2022-0213, CVE-2021-30560, CVE-2021-3778, CVE-2022-2210, CVE-2022-0435, CVE-2022-2257, CVE-2022-1898, CVE-2022-2206, CVE-2021-43527, CVE-2022-25235, CVE-2022-23218, CVE-2021-20292, CVE-2022-20141, CVE-2022-0128, CVE-2022-0847, CVE-2021-3973, CVE-2021-3796, CVE-2022-2286, CVE-2022-1796, CVE-2022-1968, CVE-2022-1735, CVE-2021-3984, CVE-2021-3968, CVE-2022-1048, CVE-2021-39713, CVE-2021-4083, CVE-2020-35524, CVE-2022-2182, CVE-2021-45078, CVE-2022-2343, CVE-2022-2345, CVE-2022-1897, CVE-2021-0920, CVE-2022-2125, CVE-2022-0392, CVE-2022-25315, CVE-2022-25236, CVE-2022-23852, CVE-2022-24407, CVE-2022-2285, CVE-2019-17546, CVE-2021-3872, CVE-2021-0935, CVE-2021-3974, CVE-2022-1616, CVE-2022-2795, CVE-2022-38177, CVE-2023-38545, CVE-2023-38546

See SUSE link below for individual scores for each CVE. 
https://www.suse.com/security/cve/This hyperlink is taking you to a website outside of Dell Technologies.

Intel Ethernet 500 Series Controllers Firmware CVE-2022-36416, CVE-2022-36797 DSA-2023-016

Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

Product

Affected Versions

Remediated Versions 

Link 

Integrated Data Protection Appliance (PowerProtect DP Series)

2.7.4 and prior 

2.7.6 

https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers

Product

Affected Versions

Remediated Versions 

Link 

Integrated Data Protection Appliance (PowerProtect DP Series)

2.7.4 and prior 

2.7.6 

https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers

Link to PowerProtect DP Series Installation and Upgrade guide 
Dell EMC PowerProtect DP Series Appliance 2.7.6 Installation and Upgrade Guide 
 
NOTE: IDPA versions prior to 2.7.6 use an obsolete Operating System for ACM and DPA components. IDPA 2.7.6 has updated the Operating Systems of ACM and DPA components to a supported version.

Historique des révisions

RevisionDateDescription
1.02023-23-21Initial release
2.02024-01-09Moved Installation & Upgrade guide to Additional Information section.
3.02024-01-09Updated 'More Information' column for Dell iDRAC & Apache Log4j
4.0-5.02024-01-09Added CVE-2023-38545, CVE-2023-38546 to SUSE Component
6.02024-01-22Updated for enhanced presentation with no changes to content.
7.02024-03-08Added CVE-2023-20894 to VMWare (Hypervisor and Hypervisor Manager) Component
8.02024-07-12Added Intel Ethernet 500 Series Controllers Firmware CVEs.

Informations connexes

Produits concernés

PowerProtect Data Protection Appliance, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software
Propriétés de l’article
Numéro d’article: 000220651
Type d’article: Dell Security Advisory
Dernière modification: 12 juil. 2024
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.