DSA-2025-071: Security update for Dell Avamar for Multiple Component Vulnerabilities.
摘要: Dell Avamar remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
Critical
詳細資料
|
Third-party Component |
CVEs |
More Information |
|
The FreeType Project |
CVE-2022-27404, CVE-2017-10672 |
See NVD link below for individual scores for each CVE. |
|
Dozer |
CVE-2014-9515 |
|
|
OpenSSH |
CVE-2023-38408 |
|
|
Curl |
CVE-2018-0500, CVE-2018-14618, CVE-2018-16839, CVE-2018-16842, CVE-2019-3822, CVE-2019-5481 |
See NVD link below for individual scores for each CVE. |
|
jackson-databind |
CVE-2019-14379, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-8840, CVE-2020-9547, CVE-2020-9548, CVE-2020-10672, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-14061, CVE-2020-14062, CVE-2020-14060, CVE-2020-14195, CVE-2020-25649 |
See NVD link below for individual scores for each CVE. |
|
POCO C++ Libraries |
CVE-2023-52389, CVE-2017-1000472 |
See NVD link below for individual scores for each CVE. |
|
mailx |
CVE-2014-7844 |
|
|
OpenSSL |
CVE-2011-4109 |
|
|
file |
CVE-2019-18218 |
|
|
TestNG |
CVE-2022-4065 |
|
|
Linux Kernel |
CVE-2017-1000112 |
|
|
Cyrus SASL |
CVE-2019-19906, CVE-2022-24407, CVE-2013-4122 |
See NVD link below for individual scores for each CVE. |
|
libffi |
CVE-2017-1000376 |
|
|
Gstreamer |
CVE-2021-3497, CVE-2021-3498, CVE-2022-1924, CVE-2022-1920, CVE-2022-1921, CVE-2022-1925, CVE-2022-2122, CVE-2021-3522, CVE-2006-4339, CVE-2022-1922, CVE-2022-1923 |
See NVD link below for individual scores for each CVE. |
|
e2fsprogs |
CVE-2019-5188 |
|
|
elfutils |
CVE-2018-18520 |
|
|
JBIG-KIT lossless image compression library 2 |
CVE-2013-6369 |
|
|
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server |
CVE-2021-34429 |
|
|
libpng |
CVE-2019-7317 |
|
|
LibYAML |
CVE-2014-9130 |
|
|
mutt |
CVE-2022-1328 |
|
|
OpenSC |
CVE-2018-16391 |
|
|
libgcrypt |
CVE-2018-0495 |
|
|
pypi/setuptools |
CVE-2022-40897 |
|
|
RPM |
CVE-2021-35939 |
|
|
util-linux |
CVE-2022-0563 |
|
|
Apache James MIME4J |
CVE-2022-45787 |
|
|
Network Time Protocol project (NTP) |
CVE-2023-26555 |
|
|
Readline |
CVE-2014-2524 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-21117 |
Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user. |
6.6 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-21117 |
Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user. |
6.6 |
受影響的產品與補救措施
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|
Dell Avamar Data Store Gen5A, Gen4T |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/TCM61_Avamar-19.12-for-Server-and-AVE-Upgrades.avp |
|
Avamar Virtual Edition for VMware ESXi and vSphere |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/1GK63_Avamar-19.12-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z |
|
Avamar Virtual Edition for VMware vSphere only |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/KF9JJ_Avamar-19.12-Virtual-Edition-for-VMware-vSphere-only.ova |
|
Avamar Virtual Edition for Hyper-V 2012 |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/5X67J_Avamar-19.12-Virtual-Edition-for-Hyper-V-2012.7z |
|
Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
|
|
Avamar Virtual Edition for KVM/Open Stack KVM |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/0CJC4_Avamar-19.12-Virtual-Edition-for-KVM-OpenStack-KVM.7z |
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|
Dell Avamar Data Store Gen5A, Gen4T |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/TCM61_Avamar-19.12-for-Server-and-AVE-Upgrades.avp |
|
Avamar Virtual Edition for VMware ESXi and vSphere |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/1GK63_Avamar-19.12-Virtual-Edition-for-VMware-ESXi-and-vSphere.7z |
|
Avamar Virtual Edition for VMware vSphere only |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/KF9JJ_Avamar-19.12-Virtual-Edition-for-VMware-vSphere-only.ova |
|
Avamar Virtual Edition for Hyper-V 2012 |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/5X67J_Avamar-19.12-Virtual-Edition-for-Hyper-V-2012.7z |
|
Avamar Virtual Edition for Hyper-V 2012R2, Hyper-V 2016, and Hyper-V 2019 |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
|
|
Avamar Virtual Edition for KVM/Open Stack KVM |
Dell Avamar operating system |
Versions 19.4, 19.7,19.8,19.9,19.10 and 19.10 SP1 |
Version 19.12 or later |
https://dl.dell.com/downloads/0CJC4_Avamar-19.12-Virtual-Edition-for-KVM-OpenStack-KVM.7z |
- The CVEs remedied by this security update are listed. The list not only have the new CVEs remedied by this update, but all the past CVEs included in this cumulative update. Due to dependencies on the above fixes, it cannot be backported.
- The OS Rollup 2024 R3 CVE is included in the 19.12 release. For further information on the OS Rollup 2024 R3 see. DSA-2024-433
- Dell recommends that you always upgrade to the latest release/version for your product.
- To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/product-support/product/avamar/drivers
- CVE-2014-9515 corresponding to Dozer Third Party Component is also remediated as a part of Version 19.10 SP1 corresponding to DSA-2024-280
修訂歷史記錄
|
Revision |
Date |
Description |
|
1.0 |
2025-02-05 |
Initial Release |
相關資訊
法律免責聲明
受影響的產品
Avamar, Avamar Client, Avamar Client for VMware, Avamar Client for Windows, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Desktop/Laptop Option, Avamar Plug-in for Hyper-V VSS, Avamar Plug-in for NDMP, Avamar Server
, Avamar Virtual Edition
...
文章屬性
文章編號: 000281275
文章類型: Dell Security Advisory
上次修改時間: 09 9月 2025
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。