December 13th, 2021 01:00

Log4J Vulnerability: Affected software?

I was wondering which, if any, Dell software is affected by the Log4j Vulnerability CVE-2021-44228? I did find an article which linked to a list of the software. However, I cannot get to the list as it simply says, "This article is permission based. Find another article.".

Moderator

16.7K Posts

December 20th, 2021 05:00

All, information from our engineering team below.

“Dell is reviewing the recent vulnerability disclosure in the Apache Log4j library to assess both our corporate network and our offerings. The security of our products and network is a top priority and critical to protecting our customers. We will communicate any security updates or mitigations, if necessary, at https://www.dell.com/support/security as they become available.”

 

6 Posts

December 13th, 2021 12:00

Amazed that there is no consolidated response to this issue yet.  Support states currently that iDRAC is unaffected but will not provide access to the text of the KB article with the statement "I understand the importance of the knowledge article, Our Senior engineer team is working diligently to find solutions, I would get back to you with the information as soon as possible."

I cannot wrap my head around how access to the "hey, are my systems going to be pwned by anyone who cares to" KB article is a "senior engineering team" issue, but that's the current guidance.  

1 Message

December 13th, 2021 15:00

Same issue: I did log in with my work account but am unable to fetch a list/article for impacted products/tools like DSM and others!

December 13th, 2021 23:00

same

1 Message

December 14th, 2021 01:00

Same

2 Posts

December 14th, 2021 01:00

same

1 Message

December 14th, 2021 07:00

Also experiencing this issue.

4 Posts

December 14th, 2021 09:00

I just got off a long support call with Dell. I was concerned about iDRAC and Open Manage - we don't use other Dell products.  My tech support guy was informed by engineering that iDRAC is not affected.  Open Manage Server is not affected.  Open Manage Enterprise is affected, and a patch is expected to come out no sooner than Dec 17.  The reason why my business account can't access the KB is unknown. He recommended contacting our Account Manager, although unfortunately he's out of office for a week.  

2 Posts

December 14th, 2021 12:00

Same problem here. Spent an hour trying different ways to get to the KB article. Very frustrating. However, I was able to log in using my boss' account and pull up the article. I have a Premier account with a whole bunch of computers and network devices registered. Yet I don't have the permission to view something that should have been public information. How stupid is that!

December 14th, 2021 12:00

Then COPY & PASTE the article here; or at the very least: summarize it!

December 14th, 2021 12:00

Dell is getting like Facebook - no TRUE support or response or accountability. It's a very sad state of affairs; and it's one reason people are abandoning Dell.

21 Posts

December 14th, 2021 12:00

Same thing, can't access the page.

 

6 Posts

December 14th, 2021 13:00

@CeCe19 wrote:

My tech support guy was informed by engineering that iDRAC is not affected. 

I got the same answer about iDRAC but they've also said SupportAssist Enterprise IS vulnerable, and iDRAC9 has some derivative of SupportAssist Enterprise built in.  Not sure how these two datapoints square.  My open support case sent me some KB article about how to get access to KB articles which was entirely unhelpful.

4 Posts

December 15th, 2021 07:00

I've been trying to copy/paste what I received from Dell but keep getting "Unexpected error".  Possibly due to the formatting of the source.  I'm going to try pasting to Notepad first then here.

Vulnerable Products

The following products are confirmed as impacted by the Apache Log4j vulnerability:

| Product | Mitigation/Workaround / Security Update Release Timeline |
| --- | --- |
| APEX Console | Patch in progress |
| APEX Data Storage Services | Patch in progress |
| Cloud IQ | Patch in progress |
| Connectrix B-Series SANnav | Workaround expected 12/14 |
| Data Domain OS | Workaround expected 12/14 |
| Dell EMC Avamar | Workaround expected 12/14 |
| Dell EMC Cloud Disaster Recovery | Workaround expected 12/14 |
| Dell EMC Data Protection Central | TBD |
| Dell EMC Data Protection Search | TBD |
| Dell EMC ECS | Patch expected 12/14 |
| Enterprise Hybrid Cloud | TBD |
| Dell EMC Enterprise Storage Analytics for vRealize Operations | Workaround expected 12/14 |
| Dell EMC Integrated System for Microsoft Azure Stack Hub | Workaround expected 12/14 |
| Dell EMC NetWorker | Workaround expected 12/14 |
| Dell EMC PowerFlex Appliance | Workaround expected 12/14 |
| Dell EMC PowerFlex Rack | TBD |
| Dell EMC PowerProtect Data Manager | Workaround expected 12/14 |
| Dell EMC PowerProtect DP Series Appliance (iDPA) | Workaround expected 12/14 |
| Dell EMC PowerStore | TBD |
| Dell EMC RecoverPoint | TBD |
| Dell EMC SRM vApp | TBD |
| Dell EMC Streaming Data Platform | TBD |
| Dell EMC Unity | TBD |
| Dell EMC Vplex | TBD |
| Dell EMC VxRail | Workaround expected 12/14 |
| Dell Open Management Enterprise - Modular | TBD |
| DellEMC OpenManage Enterprise Services | Patch expected 12/17 |
| OpenManage Enterprise | Patch expected 12/17 |
| Secure Connect Gateway (SCG) 5.0 Appliance | TBD |
| SupportAssist Enterprise | TBD |
| Unisphere Central | TBD |
| Vblock | TBD |
| VNXe 1600 | TBD |
| VNXe 3200 | TBD |
| VxBlock | TBD |
| VxFlex Ready Nodes | Workaround expected 12/14 |
| Wyse Management Suite | Patch expected 12/14 |

4 Posts

December 15th, 2021 08:00

Products still being reviewed:

• Dell Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, XPS, Vostro, ChengMing) BIOS
• Connectrix (Cisco MDS 9000 switches)
• Connectrix (Cisco MDS DCNM)
• Dell EMC Container Storage Modules
• Dell EMC GeoDrive
• Dell EMC SourceOne
• Infinity MLK (firmware)
• ISG Comms
• ISG Drive & Storage Media
• ISG Memory
• Networking SD-WAN Edge
• Networking SD-WAN Edge (VEP Edge)
• Networking W-Series
• Riptide (firmware)
• SRS Policy Manager
• Warnado MLK (firmware)
