DSA-2021-274: Dell EMC Data Domain Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228 and CVE-2021-45046)

详细文章

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

摘要: Dell EMC Data Domain workaround and mitigation is available before remediation for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...

本文适用于本文不适用于本文并非针对某种特定的产品。本文并非包含所有产品版本。

查看其他资源

影响

Critical

详情

Third-party Component	CVEs	More information
Apache Log4J	CVE-2021-44228	Apache Log4j Remote Code Execution
	CVE-2021-45046	Apache Log4j Remote Code Execution

Third-party Component	CVEs	More information
Apache Log4J	CVE-2021-44228	Apache Log4j Remote Code Execution
	CVE-2021-45046	Apache Log4j Remote Code Execution

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数，这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

Product	Affected Versions	Updated Versions	Link to Update
Data Domain (PowerProtect DD DDMC and DDSM)	Versions from 7.3.0.5 to 7.7.0.6 Note: All 6.x,7.0.x,7.1.x,7.2.x. 7.7.0.7 and later, 7.6.0.30 and later are not impacted.	7.8.0.0 or later 7.7.1.0 or later	7.8.0.0 upgrades DDOS to 7.8 release 7.7.1.0 upgrades DDOS to 7.7 release These releases include log4j 2.17.1. For more details about DDOS versions available for download, see the Dell KB article links below (requires log in to Dell Support to view articles): https://www.dell.com/support/kbdoc/334649 https://www.dell.com/support/kbdoc/525902
Data Domain (PowerProtect DD DDMC and DDSM)	Versions from 7.3.0.5 to 7.7.0.6. Note: All 6.x,7.0.x,7.1.x,7.2.x. 7.7.0.7 and later, 7.6.0.30 and later are not impacted.	No change	Minimum Disruptive Upgrades (MDU) Log4j to 2.17.1 with no change to the DDOS version. See the Dell KB article link below for instructions and download (requires log in to Dell Support to view article): https://www.dell.com/support/kbdoc/000195510

Notes:

Log4j 2.16 resolves the vulnerabilities for CVE-2021-44228 and CVE-2021-45046.
Log4j 2.17 or later is required to resolve CVE-2021-45105 and CVE-2021-44832, but they do not impact PowerProtect DD DDMC and DDSM. See Dell KB article 186467: Dell EMC DataDomain False Positive Security Vulnerabilities for details.
Log4j 2.17.1 is also available in DDOS 7.2 (DDOS 7.2.0.90 or later) and DDOS 6.2 (DDOS 6.2.1.80 or later).

Product	Affected Versions	Updated Versions	Link to Update
Data Domain (PowerProtect DD DDMC and DDSM)	Versions from 7.3.0.5 to 7.7.0.6 Note: All 6.x,7.0.x,7.1.x,7.2.x. 7.7.0.7 and later, 7.6.0.30 and later are not impacted.	7.8.0.0 or later 7.7.1.0 or later	7.8.0.0 upgrades DDOS to 7.8 release 7.7.1.0 upgrades DDOS to 7.7 release These releases include log4j 2.17.1. For more details about DDOS versions available for download, see the Dell KB article links below (requires log in to Dell Support to view articles): https://www.dell.com/support/kbdoc/334649 https://www.dell.com/support/kbdoc/525902
Data Domain (PowerProtect DD DDMC and DDSM)	Versions from 7.3.0.5 to 7.7.0.6. Note: All 6.x,7.0.x,7.1.x,7.2.x. 7.7.0.7 and later, 7.6.0.30 and later are not impacted.	No change	Minimum Disruptive Upgrades (MDU) Log4j to 2.17.1 with no change to the DDOS version. See the Dell KB article link below for instructions and download (requires log in to Dell Support to view article): https://www.dell.com/support/kbdoc/000195510

Notes:

Log4j 2.16 resolves the vulnerabilities for CVE-2021-44228 and CVE-2021-45046.
Log4j 2.17 or later is required to resolve CVE-2021-45105 and CVE-2021-44832, but they do not impact PowerProtect DD DDMC and DDSM. See Dell KB article 186467: Dell EMC DataDomain False Positive Security Vulnerabilities for details.
Log4j 2.17.1 is also available in DDOS 7.2 (DDOS 7.2.0.90 or later) and DDOS 6.2 (DDOS 6.2.1.80 or later).

解决方法和缓解措施

Disable UI using command "adminaccess disable HTTP" and "adminaccess disable HTTPS"

See Dell KB article 126375: PowerProtect and Data Domain core documents to view the Dell EMC DD OS Command Reference Guide for details.

修订历史记录

Revision	Date	Description
1.0	2021-12-15	Initial Release
1.1	2021-12-17	Update released
1.2	2021-12-29	updated versions and workaround section
1.3	2022-01-04	Added not impacted products
1.4	2022-01-28	Added updated version 7.7.1.0
1.5	2022-04-20	Updated Affected Products table

法律免责声明

受影响的产品

Data Domain, Data Domain, Product Security Information

文章编号: 000194503

文章类型: Dell Security Advisory

上次修改时间: 19 9月 2025

DSA-2021-274: Dell EMC Data Domain Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228 and CVE-2021-45046)

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

DSA-2021-274: Dell EMC Data Domain Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228 and CVE-2021-45046)

详细文章

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

相关信息

法律免责声明

受影响的产品

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

DSA-2021-274: Dell EMC Data Domain Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228 and CVE-2021-45046)