Article Number: 000201824
DSA-2022-107: Dell Data Protection Advisor Security Update for Stored Cross Site Scripting Vulnerability
Summary: Dell Data Protection Advisor (DPA) remediation is available for the Stored Cross Site Scripting Vulnerability that may be exploited by malicious users to compromise affected systems.
Article Content
Impact
Medium
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-33935 | Dell Data Protection Advisor versions 19.6 and earlier contains a Stored Cross Site Scripting vulnerability. An attacker may potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the web browser runs the malicious code in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-33935 | Dell Data Protection Advisor versions 19.6 and earlier contains a Stored Cross Site Scripting vulnerability. An attacker may potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the web browser runs the malicious code in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Affected Products and Remediation
| Product | Affected Versions | Updated Version | Link to Update |
| Data Protection Advisor |
19.6 and earlier |
19.7 Build B4 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| PowerProtect DP Series Appliance (IDPA) | IDPA 2.7.3 and earlier | IDPA 2.7.2 or IDPA 2.7.3 with DP Advisor 19.8 Build B33 patch | Steps to upgrade: PowerProtect DP Series Appliance and IDPA: Steps to upgrade DPA or Data Protection Advisor component out of band within the appliance |
| Product | Affected Versions | Updated Version | Link to Update |
| Data Protection Advisor |
19.6 and earlier |
19.7 Build B4 | https://www.dell.com/support/home/product-support/product/data-protection-advisor/drivers |
| PowerProtect DP Series Appliance (IDPA) | IDPA 2.7.3 and earlier | IDPA 2.7.2 or IDPA 2.7.3 with DP Advisor 19.8 Build B33 patch | Steps to upgrade: PowerProtect DP Series Appliance and IDPA: Steps to upgrade DPA or Data Protection Advisor component out of band within the appliance |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-07-25 | Initial Release |
| 2.0 | 2023-03-06 | Added PowerProtect DP Series Appliance (IDPA) to Affected Products and Remediation section. |
| 3.0 | 2023-03-13 | Made some minor changes to links under "Link to Updates column" and Updated the "Affected Products" section under "Article Properties" |
| 4.0 | 2023-03-14 | Made changes to IDPA product-> "Link to Update" column |
| 5.0 | 2023-04-03 | Made changes to "Updated Version" & "Link to update" columns under "Affected Products and Remediation" section |
Related Information
Legal Information
Article Properties
Affected Product
PowerProtect Data Protection Appliance, Data Protection Advisor, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, Product Security Information
Last Published Date
03 Apr 2023
Version
5
Article Type
Dell Security Advisory