DSA-2021-083: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

Résumé: Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Impact

Critical

Détails

Proprietary Code CVE(s) Description CVSSBase Score CVSS Vector String
CVE-2021-21547 Dell Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
 
Third-Party Component
 		 CVE(s) More information
Apache-Tomcat CVE-2019-0221 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2019-0232
CVE-2020-1935
CVE-2020-1938
CVE-2020-9484
CVE-2019-12418
CVE-2020-13935
CVE-2019-17563
CVE-2019-17569
Oracle Java SE CVE-2020-14779 Oracle Critical Patch Update - October 2020
CVE-2020-14781
CVE-2020-14782
CVE-2020-14792
CVE-2020-14796
CVE-2020-14797
CVE-2020-14798
CVE-2020-14803
Apache2 CVE-2020-1927 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2020-1934
CVE-2020-1938
Python CVE-2020-8492 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2019-9674
CVE-2019-18348

Proprietary Code CVE(s) Description CVSSBase Score CVSS Vector String
CVE-2021-21547 Dell Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
 
Third-Party Component
 		 CVE(s) More information
Apache-Tomcat CVE-2019-0221 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2019-0232
CVE-2020-1935
CVE-2020-1938
CVE-2020-9484
CVE-2019-12418
CVE-2020-13935
CVE-2019-17563
CVE-2019-17569
Oracle Java SE CVE-2020-14779 Oracle Critical Patch Update - October 2020
CVE-2020-14781
CVE-2020-14782
CVE-2020-14792
CVE-2020-14796
CVE-2020-14797
CVE-2020-14798
CVE-2020-14803
Apache2 CVE-2020-1927 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2020-1934
CVE-2020-1938
Python CVE-2020-8492 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2019-9674
CVE-2019-18348

Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

Product Affected Version(s) Updated Version(s) Link to Update
Dell Unity Operating Environment (OE) Versions prior to 5.0.7.0.5.008 5.0.7.0.5.008 https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers
Dell Unity XT Operating Environment (OE) Versions prior to 5.0.7.0.5.008 5.0.7.0.5.008
Dell UnityVSA Operating Environment (OE) Versions prior to 5.0.7.0.5.008 5.0.7.0.5.008

Product Affected Version(s) Updated Version(s) Link to Update
Dell Unity Operating Environment (OE) Versions prior to 5.0.7.0.5.008 5.0.7.0.5.008 https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers
Dell Unity XT Operating Environment (OE) Versions prior to 5.0.7.0.5.008 5.0.7.0.5.008
Dell UnityVSA Operating Environment (OE) Versions prior to 5.0.7.0.5.008 5.0.7.0.5.008

Solutions de contournement et mesures d’atténuation

Proprietary Code CVE(s) Workaround
CVE-2021-21547 Be sure to always use the latest version of the Dell Upgrade Readiness Utility. Older versions of the Upgrade Readiness Utility may log Unisphere Administrator credentials on Dell Unity, Dell UnityVSA, and Dell Unity XT products running on versions prior to OE 5.0.7.0.5.008. If an older version of the Upgrade Readiness Utility has been run on Dell EMC , Dell UnityVSA, and Dell Unity XT products using versions prior to OE 5.0.7.0.5.008, then change the Administrator password immediately.

Historique des révisions

RevisionDateDescription
1.02021-04-19Initial Release

Informations connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Mention légale

Produits concernés

Dell EMC Unity, Product Security Information, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity XT 480 , Dell EMC Unity XT 480F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F ...
Propriétés de l’article
Numéro d’article: 000185484
Type d’article: Dell Security Advisory
Dernière modification: 18 sept. 2025
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.