DSA-2026-091: Security Update for Dell Disk Library for mainframe Vulnerabilities

Oversigt: Dell Disk Library for mainframe remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Denne artikel gælder for Denne artikel gælder ikke for Denne artikel er ikke knyttet til et bestemt produkt. Det er ikke alle produktversioner, der er identificeret i denne artikel.
Udforsk andre ressourcer

Virkning

Critical

Oplysninger

Third-party Component CVEs More Information
PowerEdge Platform BIOS CVE-2025-24305, CVE-2025-21090, CVE-2025-20109, CVE-2024-36293, CVE-2024-28047, CVE-2025-20068, CVE-2025-20105, CVE-2025-20028, CVE-2025-20027, CVE-2025-20073, CVE-2024-21859, CVE-2024-31155, CVE-2024-38796, CVE-2024-45332, CVE-2025-20054, CVE-2024-39279, CVE-2024-31157, CVE-2025-20064 DSA-2025-297 , DSA-2025-156 , DSA-2025-041 , DSA-2025-297 , DSA-2025-042 , DSA-2025-038 , DSA-2025-156
SUSE Linux Enterprise Server 15 SP4 CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796 https://suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Angular CVE-2021-4231 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
Babel CVE-2023-45133 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
Moment.js CVE-2022-24785, CVE-2022-31129 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
ansi-html CVE-2021-23424 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
jQuery CVE-2020-11022, CVE-2020-11023 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
bn.js CVE-2026-2739 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
body-parser CVE-2024-45590 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
brace-expansion CVE-2025-5889 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
browserify-sign CVE-2023-46234 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
chart.js CVE-2020-7746 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
cipher-base CVE-2025-9287 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
cookie CVE-2024-47764 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
cross-spawn CVE-2024-21538 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
debug CVE-2017-16137 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
decode-uri-component CVE-2022-38900 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
Elliptic CVE-2024-48949, CVE-2024-42461, CVE-2025-14505, CVE-2024-42460, CVE-2024-42459, CVE-2024-48948, CVE-2021-44906 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
flatted CVE-2026-32141, CVE-2026-33228 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
follow-redirects CVE-2024-28849, CVE-2023-26159 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
form-data CVE-2025-7783 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
http-cache-semantics CVE-2022-25881 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
ip CVE-2023-42282 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
js-yaml CVE-2025-64718 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
JSON5 CVE-2022-46175 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
lodash CVE-2025-13465 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
Minimist CVE-2020-7598 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
node-tar CVE-2024-28863 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
nth-check CVE-2021-3803 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
on-headers CVE-2025-7339 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
parse-uri CVE-2024-36751 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
path-to-regexp CVE-2024-45296, CVE-2024-52798 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
pbkdf2 CVE-2025-6547, CVE-2025-6545 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
postcss CVE-2021-23382, CVE-2021-23368 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
rollup CVE-2026-27606 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
send CVE-2024-43799 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
sha.js CVE-2025-9288 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
socket.io-parser CVE-2026-33151, CVE-2023-32695, CVE-2022-2421, CVE-2020-36049 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
terser CVE-2022-25858 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
tough-cookie CVE-2023-26136 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
validator CVE-2025-56200, CVE-2021-3765, CVE-2025-12758 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
webpack-subresource-integrity CVE-2020-15262 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
ws CVE-2024-37890 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
xml2js CVE-2023-0842 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
xmlhttprequest CVE-2020-28502 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
xmlhttprequest-ssl CVE-2021-31597 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-23773 Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.  4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-23773 Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.  4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies anbefaler, at alle kunder tager hensyn til både CVSS-basisresultatet og alle relevante tidsmæssige og miljømæssige resultater, som kan have betydning for den potentielle alvorsgrad, der er forbundet med en bestemt sikkerhedsrisiko.

Berørte produkter og udbedring

Product Affected Versions Remediated Versions Link
Disk Library for mainframe DLm8700 Versions prior to 7.0.1.0 Version 7.0.1.0 or later https://www.dell.com/support/product-details/product/disk-library-for-mainframe-dlm8700/drivers
Disk Library for mainframe DLm2700 Versions prior to 7.0.1.0 Version 7.0.1.0 or later https://www.dell.com/support/product-details/product/disk-library-for-mainframe-dlm2700/drivers

 

Product Affected Versions Remediated Versions Link
Disk Library for mainframe DLm8700 Versions prior to 7.0.1.0 Version 7.0.1.0 or later https://www.dell.com/support/product-details/product/disk-library-for-mainframe-dlm8700/drivers
Disk Library for mainframe DLm2700 Versions prior to 7.0.1.0 Version 7.0.1.0 or later https://www.dell.com/support/product-details/product/disk-library-for-mainframe-dlm2700/drivers

 

Revisionshistorik

RevisionDateDescription
1.02026-04-28Initial Release
2.02026-04-28Updated CVE description for CVE-2026-23773
3.02026-04-29Added CVE-2024-39279, CVE-2024-31157, CVE-2025-20064 to the advisory

 

Relaterede oplysninger

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Ansvarsfraskrivelse

Berørte produkter

Disk Library, Disk Library for mainframe, Disk Library for mainframe DLm2700, Disk Library for mainframe DLm8700
Artikelegenskaber
Artikelnummer: 000458131
Artikeltype: Dell Security Advisory
Senest ændret: 29 apr. 2026
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.