Dell closes countless security vulnerabilities in Avamar, iDRAC, and NetWorker
The backup solutions Dell Avamar and NetWorker and the server remote management iDRAC are vulnerable.
Dell developers have fixed a large number of vulnerabilities in components such as Apache Tomcat and Spring Security used by the backup solutions Avamar and NetWorker. The server remote management iDRAC also receives a security update.
Vulnerable Backup Solutions
In three advisories, Dell lists the now-closed security vulnerabilities in third-party components affecting Avamar and NetWorker.
- Dell NetWorker Multiple Third-Party Component Vulnerabilities
- Dell NetWorker Multiple Third-Party Component Vulnerabilities
- Dell Avamar, Dell Networker Virtual Edition (NVE), and Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Multiple Third-Party Vulnerabilities
These include components such as Apache HTTP Server, Expat, OpenSSL, and Vim. The majority of the fixed vulnerabilities date back to 2025. Among them are vulnerabilities rated “critical” (e.g., Samba CVE-2025-10230) that can allow attackers to get malicious code onto systems. However, vulnerabilities that are over ten years old have also been fixed (e.g., Apache HttpClient CVE-2015-5262, rated “medium”).
Further Danger
Server administrators should update iDRAC service modules for Linux and Windows to the latest version. If this is not done, attackers with low user privileges can gain higher user privileges due to errors in access control (CVE-2026-23856). In an advisory, the developers assure that the security problem has been resolved in version 5.4.1.1. All previous versions are said to be vulnerable.
(des)