DSA-2021-274: Dell EMC Data Domain Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228 and CVE-2021-45046)

概要: Dell EMC Data Domain workaround and mitigation is available before remediation for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...

この記事は次に適用されます: この記事は次には適用されません: この記事は、特定の製品に関連付けられていません。 すべての製品パージョンがこの記事に記載されているわけではありません。
他のリソースを確認する

影響

Critical

詳細

Third-party Component CVEs More information
Apache Log4J CVE-2021-44228 Apache Log4j Remote Code Execution 
  CVE-2021-45046  Apache Log4j Remote Code Execution
Third-party Component CVEs More information
Apache Log4J CVE-2021-44228 Apache Log4j Remote Code Execution 
  CVE-2021-45046  Apache Log4j Remote Code Execution
デル・テクノロジーズでは、すべてのお客様に対して、CVSSベース スコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

Product  Affected Versions  Updated Versions  Link to Update 
Data Domain (PowerProtect DD DDMC and DDSM) 
 		 Versions from 7.3.0.5 to 7.7.0.6  
 
Note: All 6.x,7.0.x,7.1.x,7.2.x. 7.7.0.7 and later, 7.6.0.30 and later are not impacted.		 7.8.0.0 or later
7.7.1.0 or later		 7.8.0.0 upgrades DDOS to 7.8 release
7.7.1.0 upgrades DDOS to 7.7 release

These releases include log4j 2.17.1.
For more details about DDOS versions available for download, see the Dell KB article links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649 
https://www.dell.com/support/kbdoc/525902 
Versions from 7.3.0.5 to 7.7.0.6. 
 
Note: All 6.x,7.0.x,7.1.x,7.2.x. 7.7.0.7 and later, 7.6.0.30 and later are not impacted. 		 No change  Minimum Disruptive Upgrades (MDU) Log4j to 2.17.1 with no change to the DDOS version. See the Dell KB article link below for instructions and download (requires log in to Dell Support to view article):
https://www.dell.com/support/kbdoc/000195510


Notes:

  • Log4j 2.16 resolves the vulnerabilities for CVE-2021-44228 and CVE-2021-45046.
  • Log4j 2.17 or later is required to resolve CVE-2021-45105 and CVE-2021-44832, but they do not impact PowerProtect DD DDMC and DDSM. See Dell KB article 186467: Dell EMC DataDomain False Positive Security Vulnerabilities for details.
  • Log4j 2.17.1 is also available in DDOS 7.2 (DDOS 7.2.0.90 or later) and DDOS 6.2 (DDOS 6.2.1.80 or later).
Product  Affected Versions  Updated Versions  Link to Update 
Data Domain (PowerProtect DD DDMC and DDSM) 
 		 Versions from 7.3.0.5 to 7.7.0.6  
 
Note: All 6.x,7.0.x,7.1.x,7.2.x. 7.7.0.7 and later, 7.6.0.30 and later are not impacted.		 7.8.0.0 or later
7.7.1.0 or later		 7.8.0.0 upgrades DDOS to 7.8 release
7.7.1.0 upgrades DDOS to 7.7 release

These releases include log4j 2.17.1.
For more details about DDOS versions available for download, see the Dell KB article links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649 
https://www.dell.com/support/kbdoc/525902 
Versions from 7.3.0.5 to 7.7.0.6. 
 
Note: All 6.x,7.0.x,7.1.x,7.2.x. 7.7.0.7 and later, 7.6.0.30 and later are not impacted. 		 No change  Minimum Disruptive Upgrades (MDU) Log4j to 2.17.1 with no change to the DDOS version. See the Dell KB article link below for instructions and download (requires log in to Dell Support to view article):
https://www.dell.com/support/kbdoc/000195510


Notes:

  • Log4j 2.16 resolves the vulnerabilities for CVE-2021-44228 and CVE-2021-45046.
  • Log4j 2.17 or later is required to resolve CVE-2021-45105 and CVE-2021-44832, but they do not impact PowerProtect DD DDMC and DDSM. See Dell KB article 186467: Dell EMC DataDomain False Positive Security Vulnerabilities for details.
  • Log4j 2.17.1 is also available in DDOS 7.2 (DDOS 7.2.0.90 or later) and DDOS 6.2 (DDOS 6.2.1.80 or later).

回避策と緩和策

Disable UI using command "adminaccess disable HTTP" and "adminaccess disable HTTPS"

See Dell KB article 126375: PowerProtect and Data Domain core documents to view the Dell EMC DD OS Command Reference Guide for details.

変更履歴

RevisionDateDescription
1.02021-12-15Initial Release
1.12021-12-17Update released
1.22021-12-29updated versions and workaround section
1.32022-01-04Added not impacted products
1.42022-01-28Added updated version 7.7.1.0
1.52022-04-20Updated Affected Products table

関連情報

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法的免責事項

対象製品

Data Domain, Data Domain, Product Security Information
文書のプロパティ
文書番号: 000194503
文書の種類: Dell Security Advisory
最終更新: 19 9月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。