Compellent


Dell Storage Manager Client / log4j update

Any info when there will be a new Dell Storage Manager Client released?
Our antivirus software doesn't like the current version with the vulnerable log4j library

Moderator

Hello Stephan The Valley,

Dell is aware of the Apache Log4j Remote Code Execution vulnerability (CVE-2021-44228). Protecting our customers is our top priority, and we are assessing the impact to the security of our products.

For the most up to date details on the vulnerability response from Dell, please visit this landing page KB article: https://www.dell.com/support/kbdoc/en-us/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote.... From this main page you can access links to the latest mitigations and security updates, as well as lists showing what product lines are/are not impacted, and the recommended security best practices.

For a full list of Dell products, their impact and remediations, please review the Apache Log4j Knowledge Base Article (https://www.dell.com/support/kbdoc/000194414). We will continuously update this document with the latest information.

2 Bronze

Any news?

Because there is no remediation / mitigation / patch is pending ...

But the vulnerability is still here...

Hello clementBer,

All mitigations and security updates are posted at https://dell.to/3H2R3in. You can also subscribe to the Security Alerts and receive the latest updates.

Please ask me if you have any questions.

Maria Januszka

Social Media and Communities Professional

Dell Technologies | Enterprise Support Services

#Iwork4Dell

Hi Maria Januszka,

As I said, there is no remediation / mitigation / patch is pending for Dell Storage Manager.

Can you provide any useful information? Because we are vulnerable thanks to the Storage Manager, which is used for replication between our Compellent storage.

Hello clementBer,

I see current status: Patch pending for Storage Center - Dell Storage Manager.

I recommend monitoring this page (https://www.dell.com/support/kbdoc/000194414) and signing up for updates here (https://www.dell.com/support/security/en-us).

We are actively addressing this issue. Dell is aware of the Apache Log4j Remote Code Execution vulnerability CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228). Protecting our customers is our top priority, and we are assessing the impact to the security of our products.

We will post any mitigations and security updates at https://www.dell.com/support/security, where you can also subscribe to the Security Alerts. A list of Dell products that are impacted, not impacted, or under review can be found at the following knowledge base link: Apache Log4j Knowledge Base Article (https://www.dell.com/support/kbdoc/000194414)

@clementBer 

Oh... my understanding was that DSM refers to the DSM Client, because our file scan showed a log4j-2.x a week ago. It's a client app, and we temporarily removed it from our admin consoles and left only one in a secured backend.
Because you speak about "replication", and that's what the DataCollector is needed for. The DC Appliance can't easily be scanned because a challenge-response code is needed to get root access. For sure you can mount the vDisk in another Linux VM.

Can Dell please say which product is affected? I expect both, because Compellent has used Java for ages. What makes it more confusing is that Data Collector is also available as a Windows app.

Regards,
Joerg
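An offline file scan of the kind described in the post above (a client install directory, or the appliance vDisk mounted read-only in another Linux VM) can be sketched as follows. This is an added example, not Dell's tooling or code from the thread: it looks for log4j-core's own `pom.properties` and `JndiLookup.class` entries, descends into nested archives, and flags 2.x versions below 2.17, the release a later reply in this thread mentions; the function names and the constructed sample archive are assumptions.

```python
import io, os, re, zipfile
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"  # carries version=
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # class behind CVE-2021-44228
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def is_below_2_17(version):
    """True for 2.x older than 2.17, False otherwise, None if the version is unknown."""
    m = re.match(r"(\d+)\.(\d+)", version or "")
    return (int(m.group(1)) == 2 and int(m.group(2)) < 17) if m else None

def inspect_archive(data, label, findings, depth=0):
    """Record log4j-core copies in one archive, descending into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # wrong extension or corrupt file: nothing to inspect
    with zf:
        names = set(zf.namelist())
        if POM in names or JNDI in names:
            version = None
            if POM in names:
                m = re.search(r"^version=(.+)$", zf.read(POM).decode("utf-8", "replace"), re.M)
                version = m.group(1).strip() if m else None
            findings.append({"path": label, "version": version, "jndi_lookup": JNDI in names,
                             "below_2_17": is_below_2_17(version)})
        if depth < 4:  # bound recursion into fat jars / wars
            for name in names:
                if name.lower().endswith(ARCHIVES):
                    inspect_archive(zf.read(name), f"{label}!/{name}", findings, depth + 1)

def scan_tree(root):
    """Walk a directory (e.g. a mounted disk) and return one finding per log4j-core copy."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVES):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    inspect_archive(fh.read(), path, findings)
    return findings

def build_constructed_sample(root):
    """Constructed test input: app.war holding a fake (empty-class) log4j-core 2.14.1 jar."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM, "groupId=org.apache.logging.log4j\nversion=2.14.1\n")
        z.writestr(JNDI, b"")
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", inner.getvalue())
```

A finding with `jndi_lookup` false on an old version usually means the class was stripped from the jar as a stopgap; the version still needs the vendor update.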

This page seems to indicate they are the same thing:

https://dell.to/3pk0xj6

I'll have to put in a request to the Storage group to verify.

 

For sure they are completely different things. But since the Enterprise Manager was renamed to Dell Storage Manager, the package contains different things like DataCollector or Client. DataCollector and SCOS also offer a WebGUI named Unisphere, so uninstalling the DSM Client isn't a big deal and you will survive the next weeks until a new version comes around.
Because of ongoing flaws in log4j 2.0.15, 16 they released 17 a couple of days ago. All vendors which patched their products already have to do it again.

I spoke with a storage engineer and was advised that Dell Storage Manager contains 2 different things: the Data Collector and the Client (DSM/Unisphere). They will both be updated together. Based on the link it looks like it will be in January: Patch expected 1/10/22

https://www.dell.com/support/kbdoc/000194414


Dell -Charles R
Social Media and Communities Professional
Dell Technologies | Enterprise Support Services
#IWork4Dell
