DSA-2021-134: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, and Dell EMC PowerMax Embedded Management Security Update for Multiple Third-party Component Vulnerabilities

概要: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, and Dell EMC PowerMax Embedded Management remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

影響

詳細

影響を受ける製品と修復

変更履歴

確認

法的免責事項

対象製品

フィードバックの提供

この記事は次に適用されます：この記事は次には適用されません：この記事は、特定の製品に関連付けられていません。すべての製品パージョンがこの記事に記載されているわけではありません。

他のリソースを確認する

影響

High

詳細

Proprietary Code CVE	Description	CVSSBase Score	CVSS Vector String
CVE-2021-21548	Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. Note: CVE-2021-21548 addresses incomplete fix for CVE-2020-5367.	7.4	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Third-party Component	CVEs	More information
JQuery	CVE-2015-9251	See NVD (http://nvd.nist.gov/) for individual scores for each CVE
sudo	CVE-2021-3156	See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Oracle	CVE-2021-23841	See NVD (http://nvd.nist.gov/) for individual scores for each CVE
	CVE-2021-3450
	CVE-2021-2161
	CVE-2021-2163
Internet Explorer 11	CVE-2020-17052	See NVD (http://nvd.nist.gov/) for individual scores for each CVE
	CVE-2020-17053
	CVE-2020-17058
Microsoft .NET	CVE-2020-16937	See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Windows 10	CVE-2020-0764	See NVD (http://nvd.nist.gov/) for individual scores for each CVE
	CVE-2020-1167
	CVE-2020-1599
	CVE-2020-16876
	CVE-2020-16887
	CVE-2020-16889
	CVE-2020-16890
	CVE-2020-16892
	CVE-2020-16895
	CVE-2020-16896
	CVE-2020-16897
	CVE-2020-16898
	CVE-2020-16899
	CVE-2020-16900
	CVE-2020-16902
	CVE-2020-16905
	CVE-2020-16907
	CVE-2020-16908
	CVE-2020-16909
	CVE-2020-16910
	CVE-2020-16911
	CVE-2020-16912
	CVE-2020-16913
	CVE-2020-16914
	CVE-2020-16915
	CVE-2020-16916
	CVE-2020-16919
	CVE-2020-16920
	CVE-2020-16921
	CVE-2020-16922
	CVE-2020-16923
	CVE-2020-16924
	CVE-2020-16927
	CVE-2020-16935
	CVE-2020-16936
	CVE-2020-16939
	CVE-2020-16940
	CVE-2020-16958
	CVE-2020-16959
	CVE-2020-16960
	CVE-2020-16961
	CVE-2020-16962
	CVE-2020-16963
	CVE-2020-16964
	CVE-2020-16967
	CVE-2020-16968
	CVE-2020-16972
	CVE-2020-16973
	CVE-2020-16974
	CVE-2020-16975
	CVE-2020-16976
	CVE-2020-16997
	CVE-2020-16998
	CVE-2020-16999
	CVE-2020-17000
	CVE-2020-17001
	CVE-2020-17004
	CVE-2020-17007
	CVE-2020-17011
	CVE-2020-17013
	CVE-2020-17014
	CVE-2020-17022
	CVE-2020-17024
	CVE-2020-17025
CVE-2020-17026
CVE-2020-17027
CVE-2020-17028
CVE-2020-17029
CVE-2020-17030
CVE-2020-17031
CVE-2020-17032
CVE-2020-17033
CVE-2020-17034
CVE-2020-17035
CVE-2020-17036
CVE-2020-17037
CVE-2020-17038
CVE-2020-17041
CVE-2020-17042
CVE-2020-17043
CVE-2020-17044
CVE-2020-17045
CVE-2020-17046
CVE-2020-17047
CVE-2020-17055
CVE-2020-17056
CVE-2020-17057
CVE-2020-17068
CVE-2020-17069
CVE-2020-17070
CVE-2020-17071
CVE-2020-17075
CVE-2020-17077
CVE-2020-17087
CVE-2020-17088
CVE-2020-17090
CVE-2020-17092
CVE-2020-17094
CVE-2020-17096
CVE-2020-17097
CVE-2020-17098
CVE-2020-17099
CVE-2020-17103
CVE-2020-17113
CVE-2020-17134
CVE-2020-17136
CVE-2020-17139
CVE-2020-17140
CVE-2021-1637
CVE-2021-1638
CVE-2021-1642
CVE-2021-1645
CVE-2021-1646
CVE-2021-1648
CVE-2021-1649
CVE-2021-1650
CVE-2021-1651
CVE-2021-1652
CVE-2021-1653
CVE-2021-1654
CVE-2021-1655
CVE-2021-1656
CVE-2021-1657
CVE-2021-1658
CVE-2021-1659
CVE-2021-1660
CVE-2021-1661
CVE-2021-1662
CVE-2021-1664
CVE-2021-1665
CVE-2021-1666
CVE-2021-1667
CVE-2021-1668
CVE-2021-1669
CVE-2021-1671
CVE-2021-1672
CVE-2021-1673
CVE-2021-1674
CVE-2021-1676
CVE-2021-1678
CVE-2021-1679
CVE-2021-1680
CVE-2021-1681
CVE-2021-1682
CVE-2021-1683
CVE-2021-1684
CVE-2021-1685
CVE-2021-1686
CVE-2021-1687
CVE-2021-1688
CVE-2021-1689
CVE-2021-1690
CVE-2021-1693
CVE-2021-1694
CVE-2021-1695
CVE-2021-1696
CVE-2021-1697
CVE-2021-1699
CVE-2021-1700
CVE-2021-1701
CVE-2021-1702
CVE-2021-1706
CVE-2021-1708
CVE-2021-1709
CVE-2021-1710

Proprietary Code CVE	Description	CVSSBase Score	CVSS Vector String
CVE-2021-21548	Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. Note: CVE-2021-21548 addresses incomplete fix for CVE-2020-5367.	7.4	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Third-party Component	CVEs	More information
JQuery	CVE-2015-9251	See NVD (http://nvd.nist.gov/) for individual scores for each CVE
sudo	CVE-2021-3156	See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Oracle	CVE-2021-23841	See NVD (http://nvd.nist.gov/) for individual scores for each CVE
	CVE-2021-3450
	CVE-2021-2161
	CVE-2021-2163
Internet Explorer 11	CVE-2020-17052	See NVD (http://nvd.nist.gov/) for individual scores for each CVE
	CVE-2020-17053
	CVE-2020-17058
Microsoft .NET	CVE-2020-16937	See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Windows 10	CVE-2020-0764	See NVD (http://nvd.nist.gov/) for individual scores for each CVE
	CVE-2020-1167
	CVE-2020-1599
	CVE-2020-16876
	CVE-2020-16887
	CVE-2020-16889
	CVE-2020-16890
	CVE-2020-16892
	CVE-2020-16895
	CVE-2020-16896
	CVE-2020-16897
	CVE-2020-16898
	CVE-2020-16899
	CVE-2020-16900
	CVE-2020-16902
	CVE-2020-16905
	CVE-2020-16907
	CVE-2020-16908
	CVE-2020-16909
	CVE-2020-16910
	CVE-2020-16911
	CVE-2020-16912
	CVE-2020-16913
	CVE-2020-16914
	CVE-2020-16915
	CVE-2020-16916
	CVE-2020-16919
	CVE-2020-16920
	CVE-2020-16921
	CVE-2020-16922
	CVE-2020-16923
	CVE-2020-16924
	CVE-2020-16927
	CVE-2020-16935
	CVE-2020-16936
	CVE-2020-16939
	CVE-2020-16940
	CVE-2020-16958
	CVE-2020-16959
	CVE-2020-16960
	CVE-2020-16961
	CVE-2020-16962
	CVE-2020-16963
	CVE-2020-16964
	CVE-2020-16967
	CVE-2020-16968
	CVE-2020-16972
	CVE-2020-16973
	CVE-2020-16974
	CVE-2020-16975
	CVE-2020-16976
	CVE-2020-16997
	CVE-2020-16998
	CVE-2020-16999
	CVE-2020-17000
	CVE-2020-17001
	CVE-2020-17004
	CVE-2020-17007
	CVE-2020-17011
	CVE-2020-17013
	CVE-2020-17014
	CVE-2020-17022
	CVE-2020-17024
	CVE-2020-17025
CVE-2020-17026
CVE-2020-17027
CVE-2020-17028
CVE-2020-17029
CVE-2020-17030
CVE-2020-17031
CVE-2020-17032
CVE-2020-17033
CVE-2020-17034
CVE-2020-17035
CVE-2020-17036
CVE-2020-17037
CVE-2020-17038
CVE-2020-17041
CVE-2020-17042
CVE-2020-17043
CVE-2020-17044
CVE-2020-17045
CVE-2020-17046
CVE-2020-17047
CVE-2020-17055
CVE-2020-17056
CVE-2020-17057
CVE-2020-17068
CVE-2020-17069
CVE-2020-17070
CVE-2020-17071
CVE-2020-17075
CVE-2020-17077
CVE-2020-17087
CVE-2020-17088
CVE-2020-17090
CVE-2020-17092
CVE-2020-17094
CVE-2020-17096
CVE-2020-17097
CVE-2020-17098
CVE-2020-17099
CVE-2020-17103
CVE-2020-17113
CVE-2020-17134
CVE-2020-17136
CVE-2020-17139
CVE-2020-17140
CVE-2021-1637
CVE-2021-1638
CVE-2021-1642
CVE-2021-1645
CVE-2021-1646
CVE-2021-1648
CVE-2021-1649
CVE-2021-1650
CVE-2021-1651
CVE-2021-1652
CVE-2021-1653
CVE-2021-1654
CVE-2021-1655
CVE-2021-1656
CVE-2021-1657
CVE-2021-1658
CVE-2021-1659
CVE-2021-1660
CVE-2021-1661
CVE-2021-1662
CVE-2021-1664
CVE-2021-1665
CVE-2021-1666
CVE-2021-1667
CVE-2021-1668
CVE-2021-1669
CVE-2021-1671
CVE-2021-1672
CVE-2021-1673
CVE-2021-1674
CVE-2021-1676
CVE-2021-1678
CVE-2021-1679
CVE-2021-1680
CVE-2021-1681
CVE-2021-1682
CVE-2021-1683
CVE-2021-1684
CVE-2021-1685
CVE-2021-1686
CVE-2021-1687
CVE-2021-1688
CVE-2021-1689
CVE-2021-1690
CVE-2021-1693
CVE-2021-1694
CVE-2021-1695
CVE-2021-1696
CVE-2021-1697
CVE-2021-1699
CVE-2021-1700
CVE-2021-1701
CVE-2021-1702
CVE-2021-1706
CVE-2021-1708
CVE-2021-1709
CVE-2021-1710

デル・テクノロジーズでは、すべてのお客様に対して、CVSSベーススコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

Product	Affected Versions	Updated Versions	Link to Update
Unisphere for PowerMax	Versions before 9.1.0.27	9.1.0.27 EEM: 9.1.0.856	https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Virtual Appliance	Versions before 9.1.0.27	9.1.0.27 EEM: 9.1.0.856	https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax	Versions before 9.2.1.8	9.2.1.8 EEM: 9.2.1.187	https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Virtual Appliance	Versions before 9.2.1.8	9.2.1.8 EEM: 9.2.1.187	https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Solutions Enabler	Versions before 9.1.0.16	9.1.0.16 EEM: 9.1.0.856	https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Virtual Appliance	Versions before 9.1.0.16	9.1.0.16 EEM: 9.1.0.856	https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler	Versions before 9.2.1.2	9.2.1.2 EEM: 9.2.1.187	https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Virtual Appliance	Versions before 9.2.1.2	9.2.1.2 EEM: 9.2.1.187	https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
PowerMax OS	5978	5978	Request OPT 583679 for Foxtail SR and Hickory SR

Notes:

CVE-2020-5367 was not fully addressed in the Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17.
DSA-2021-134 addresses the improper certificate validation vulnerability in the Dell EMC Unisphere for PowerMax version 9.1.0.27(CVE-2021-21548).
Dell EMC highly recommends all users upgrade Dell EMC Unisphere for PowerMax to version 9.1.0.27 at their earliest opportunity.

Product	Affected Versions	Updated Versions	Link to Update
Unisphere for PowerMax	Versions before 9.1.0.27	9.1.0.27 EEM: 9.1.0.856	https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Virtual Appliance	Versions before 9.1.0.27	9.1.0.27 EEM: 9.1.0.856	https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax	Versions before 9.2.1.8	9.2.1.8 EEM: 9.2.1.187	https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Virtual Appliance	Versions before 9.2.1.8	9.2.1.8 EEM: 9.2.1.187	https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Solutions Enabler	Versions before 9.1.0.16	9.1.0.16 EEM: 9.1.0.856	https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Virtual Appliance	Versions before 9.1.0.16	9.1.0.16 EEM: 9.1.0.856	https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler	Versions before 9.2.1.2	9.2.1.2 EEM: 9.2.1.187	https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Virtual Appliance	Versions before 9.2.1.2	9.2.1.2 EEM: 9.2.1.187	https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
PowerMax OS	5978	5978	Request OPT 583679 for Foxtail SR and Hickory SR

Notes:

CVE-2020-5367 was not fully addressed in the Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17.
DSA-2021-134 addresses the improper certificate validation vulnerability in the Dell EMC Unisphere for PowerMax version 9.1.0.27(CVE-2021-21548).
Dell EMC highly recommends all users upgrade Dell EMC Unisphere for PowerMax to version 9.1.0.27 at their earliest opportunity.

変更履歴

Revision	Date	Description
1.0	2021-07-22	Initial release: Q2 2021 Security Release for PowerMax Foxtail SR and Hickory SR releases.
2.0	2021-10-04	Version update and Note in CVE Description added. Affected Products and Remediation updated with details concerning, Note: CVE-2021-21548 addresses incomplete fix for CVE-2020-5367.

確認

CVE-2021-21548: Dell would like to thank Thorsten Tüllmann for reporting the Unisphere for PowerMax certificate validation issue.

法的免責事項

対象製品

PowerMax, PowerMax 2000, PowerMax 8000, Product Security Information, Solutions Enabler, Solutions Enabler Series, Unisphere for PowerMax

文書番号: 000189606

文書の種類: Dell Security Advisory

最終更新: 04 10月 2021

お使いのデバイスがサポートサービスの対象かどうかを確認してください。

DSA-2021-134: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, and Dell EMC PowerMax Embedded Management Security Update for Multiple Third-party Component Vulnerabilities

影響

詳細

影響を受ける製品と修復

変更履歴

確認

関連情報

法的免責事項

対象製品

影響

詳細

影響を受ける製品と修復

変更履歴

確認

関連情報

法的免責事項

対象製品

文書のプロパティ

質問に対する他のDellユーザーからの回答を見つける

サポートサービス

文書のプロパティ

質問に対する他のDellユーザーからの回答を見つける

サポートサービス

DSA-2021-134: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, and Dell EMC PowerMax Embedded Management Security Update for Multiple Third-party Component Vulnerabilities

詳細記事

影響

詳細

影響を受ける製品と修復

変更履歴

確認

関連情報

法的免責事項

対象製品

文書のプロパティ

質問に対する他のDellユーザーからの回答を見つける

サポート サービス

文書のプロパティ

質問に対する他のDellユーザーからの回答を見つける

サポート サービス

サポートサービス

サポートサービス