DSA-2021-273: Dell EMC ECS Security Update for Apache Log4j Remote Code Execution Vulnerability

Oversigt: Dell EMC ECS remediation is available for the Apache Log4j Remote Code Execution Vulnerability that could be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...

Denne artikel gælder for Denne artikel gælder ikke for Denne artikel er ikke knyttet til et bestemt produkt. Det er ikke alle produktversioner, der er identificeret i denne artikel.
Udforsk andre ressourcer

Virkning

Critical

Oplysninger

Third-party Component CVEs More information
Apache Log4j CVE-2021-44228 Apache Log4j Remote Code Execution This hyperlink is taking you to a website outside of Dell Technologies.
Apache Log4j CVE-2021-45046
Apache Log4j CVE-2021-45105
Apache Log4j CVE-2021-44832


Third-party Component CVEs More information
Apache Log4j CVE-2021-44228 Apache Log4j Remote Code Execution This hyperlink is taking you to a website outside of Dell Technologies.
Apache Log4j CVE-2021-45046
Apache Log4j CVE-2021-45105
Apache Log4j CVE-2021-44832


Dell Technologies anbefaler, at alle kunder tager hensyn til både CVSS-basisresultatet og alle relevante tidsmæssige og miljømæssige resultater, som kan have betydning for den potentielle alvorsgrad, der er forbundet med en bestemt sikkerhedsrisiko.

Berørte produkter og udbedring

Product Affected Versions Updated Versions Link to Update
Dell EMC ECS
 		 3.3.x, 3.4.x, 3.5.x, 3.6.0.x, 3.6.1.x, and 3.6.2.0 ECS 3.7.0
Note: Apache Log4j is upgraded to 2.17.1.
https://www.dell.com/support/home/en-us/product-support/product/ecs-appliance-/overview
 
General Patch: 3.3.0.4, 3.4.0.6, 3.5.1.6, 3.6.2.1, 3.6.2.2
Note: Patches disable JNDI lookup class.
https://www.dell.com/support/home/en-us/product-support/product/ecs-appliance-/overview
 
Standalone Patch to “disable JNDI lookup class” for all affected versions. Apply patch
NOTE TO CUSTOMER: 
  • Dell requests this procedure of upgrading xdoctor and installation of the patch be done by Customers. This is the quickest and safest method as it avoids prolonged exposure to this Apache log4j vulnerability. All the steps are detailed in the ‘apply patch’ link.

Note: Although CVE-2021-45105 and CVE-2021-44832 were not exploitable in ECS, Apache Log4j is upgraded to 2.17.1 in ECS 3.7.0.
Product Affected Versions Updated Versions Link to Update
Dell EMC ECS
 		 3.3.x, 3.4.x, 3.5.x, 3.6.0.x, 3.6.1.x, and 3.6.2.0 ECS 3.7.0
Note: Apache Log4j is upgraded to 2.17.1.
https://www.dell.com/support/home/en-us/product-support/product/ecs-appliance-/overview
 
General Patch: 3.3.0.4, 3.4.0.6, 3.5.1.6, 3.6.2.1, 3.6.2.2
Note: Patches disable JNDI lookup class.
https://www.dell.com/support/home/en-us/product-support/product/ecs-appliance-/overview
 
Standalone Patch to “disable JNDI lookup class” for all affected versions. Apply patch
NOTE TO CUSTOMER: 
  • Dell requests this procedure of upgrading xdoctor and installation of the patch be done by Customers. This is the quickest and safest method as it avoids prolonged exposure to this Apache log4j vulnerability. All the steps are detailed in the ‘apply patch’ link.

Note: Although CVE-2021-45105 and CVE-2021-44832 were not exploitable in ECS, Apache Log4j is upgraded to 2.17.1 in ECS 3.7.0.

Revisionshistorik

RevisionDateDescription
1.02021-12-14'Initial Release'
1.12021-12-14‘Note to use standalone patch to mitigate added’
1.22021-12-16Updated the KB link to apply patch
1.32022-01-19Updated Note with General patch details.
1.42022-02-08Updated ECS 3.7 release details.

Relaterede oplysninger

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Ansvarsfraskrivelse

Berørte produkter

ECS Appliance

Produkter

ECS, Product Security Information
Artikelegenskaber
Artikelnummer: 000194612
Artikeltype: Dell Security Advisory
Senest ændret: 05 nov. 2025
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.