DSA-2021-083: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

Resumen: Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.
Consulte estos recursos

Impacto

Critical

Detalles

Proprietary Code CVE(s) Description CVSSBase Score CVSS Vector String
CVE-2021-21547 Dell Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
 
Third-Party Component
 		 CVE(s) More information
Apache-Tomcat CVE-2019-0221 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2019-0232
CVE-2020-1935
CVE-2020-1938
CVE-2020-9484
CVE-2019-12418
CVE-2020-13935
CVE-2019-17563
CVE-2019-17569
Oracle Java SE CVE-2020-14779 Oracle Critical Patch Update - October 2020
CVE-2020-14781
CVE-2020-14782
CVE-2020-14792
CVE-2020-14796
CVE-2020-14797
CVE-2020-14798
CVE-2020-14803
Apache2 CVE-2020-1927 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2020-1934
CVE-2020-1938
Python CVE-2020-8492 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2019-9674
CVE-2019-18348

Proprietary Code CVE(s) Description CVSSBase Score CVSS Vector String
CVE-2021-21547 Dell Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
 
Third-Party Component
 		 CVE(s) More information
Apache-Tomcat CVE-2019-0221 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2019-0232
CVE-2020-1935
CVE-2020-1938
CVE-2020-9484
CVE-2019-12418
CVE-2020-13935
CVE-2019-17563
CVE-2019-17569
Oracle Java SE CVE-2020-14779 Oracle Critical Patch Update - October 2020
CVE-2020-14781
CVE-2020-14782
CVE-2020-14792
CVE-2020-14796
CVE-2020-14797
CVE-2020-14798
CVE-2020-14803
Apache2 CVE-2020-1927 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2020-1934
CVE-2020-1938
Python CVE-2020-8492 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2019-9674
CVE-2019-18348

Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

Product Affected Version(s) Updated Version(s) Link to Update
Dell Unity Operating Environment (OE) Versions prior to 5.0.7.0.5.008 5.0.7.0.5.008 https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers
Dell Unity XT Operating Environment (OE) Versions prior to 5.0.7.0.5.008 5.0.7.0.5.008
Dell UnityVSA Operating Environment (OE) Versions prior to 5.0.7.0.5.008 5.0.7.0.5.008

Product Affected Version(s) Updated Version(s) Link to Update
Dell Unity Operating Environment (OE) Versions prior to 5.0.7.0.5.008 5.0.7.0.5.008 https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers
Dell Unity XT Operating Environment (OE) Versions prior to 5.0.7.0.5.008 5.0.7.0.5.008
Dell UnityVSA Operating Environment (OE) Versions prior to 5.0.7.0.5.008 5.0.7.0.5.008

Soluciones alternativas y mitigaciones

Proprietary Code CVE(s) Workaround
CVE-2021-21547 Be sure to always use the latest version of the Dell Upgrade Readiness Utility. Older versions of the Upgrade Readiness Utility may log Unisphere Administrator credentials on Dell Unity, Dell UnityVSA, and Dell Unity XT products running on versions prior to OE 5.0.7.0.5.008. If an older version of the Upgrade Readiness Utility has been run on Dell EMC , Dell UnityVSA, and Dell Unity XT products using versions prior to OE 5.0.7.0.5.008, then change the Administrator password immediately.

Historial de revisiones

RevisionDateDescription
1.02021-04-19Initial Release

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Descargo de responsabilidad

Productos afectados

Dell EMC Unity, Product Security Information, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity XT 480 , Dell EMC Unity XT 480F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F ...
Propiedades del artículo
Número del artículo: 000185484
Tipo de artículo: Dell Security Advisory
Última modificación: 18 sept 2025
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.