DSA-2026-091: Security Update for Dell Disk Library for mainframe Vulnerabilities

Zusammenfassung: Dell Disk Library for mainframe remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Auswirkungen

Critical

Details

Third-party Component CVEs More Information
PowerEdge Platform BIOS CVE-2025-24305, CVE-2025-21090, CVE-2025-20109, CVE-2024-36293, CVE-2024-28047, CVE-2025-20068, CVE-2025-20105, CVE-2025-20028, CVE-2025-20027, CVE-2025-20073, CVE-2024-21859, CVE-2024-31155, CVE-2024-38796, CVE-2024-45332, CVE-2025-20054, CVE-2024-39279, CVE-2024-31157, CVE-2025-20064 DSA-2025-297 , DSA-2025-156 , DSA-2025-041 , DSA-2025-297 , DSA-2025-042 , DSA-2025-038 , DSA-2025-156
SUSE Linux Enterprise Server 15 SP4 CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796 https://suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Angular CVE-2021-4231 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
Babel CVE-2023-45133 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
Moment.js CVE-2022-24785, CVE-2022-31129 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
ansi-html CVE-2021-23424 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
jQuery CVE-2020-11022, CVE-2020-11023 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
bn.js CVE-2026-2739 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
body-parser CVE-2024-45590 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
brace-expansion CVE-2025-5889 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
browserify-sign CVE-2023-46234 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
chart.js CVE-2020-7746 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
cipher-base CVE-2025-9287 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
cookie CVE-2024-47764 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
cross-spawn CVE-2024-21538 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
debug CVE-2017-16137 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
decode-uri-component CVE-2022-38900 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
Elliptic CVE-2024-48949, CVE-2024-42461, CVE-2025-14505, CVE-2024-42460, CVE-2024-42459, CVE-2024-48948, CVE-2021-44906 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
flatted CVE-2026-32141, CVE-2026-33228 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
follow-redirects CVE-2024-28849, CVE-2023-26159 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
form-data CVE-2025-7783 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
http-cache-semantics CVE-2022-25881 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
ip CVE-2023-42282 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
js-yaml CVE-2025-64718 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
JSON5 CVE-2022-46175 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
lodash CVE-2025-13465 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
Minimist CVE-2020-7598 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
node-tar CVE-2024-28863 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
nth-check CVE-2021-3803 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
on-headers CVE-2025-7339 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
parse-uri CVE-2024-36751 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
path-to-regexp CVE-2024-45296, CVE-2024-52798 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
pbkdf2 CVE-2025-6547, CVE-2025-6545 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
postcss CVE-2021-23382, CVE-2021-23368 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
rollup CVE-2026-27606 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
send CVE-2024-43799 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
sha.js CVE-2025-9288 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
socket.io-parser CVE-2026-33151, CVE-2023-32695, CVE-2022-2421, CVE-2020-36049 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
terser CVE-2022-25858 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
tough-cookie CVE-2023-26136 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
validator CVE-2025-56200, CVE-2021-3765, CVE-2025-12758 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
webpack-subresource-integrity CVE-2020-15262 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
ws CVE-2024-37890 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
xml2js CVE-2023-0842 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
xmlhttprequest CVE-2020-28502 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.
xmlhttprequest-ssl CVE-2021-31597 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-23773 Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.  4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-23773 Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.  4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Korrektur

Product Affected Versions Remediated Versions Link
Disk Library for mainframe DLm8700 Versions prior to 7.0.1.0 Version 7.0.1.0 or later https://www.dell.com/support/product-details/product/disk-library-for-mainframe-dlm8700/drivers
Disk Library for mainframe DLm2700 Versions prior to 7.0.1.0 Version 7.0.1.0 or later https://www.dell.com/support/product-details/product/disk-library-for-mainframe-dlm2700/drivers

 

Product Affected Versions Remediated Versions Link
Disk Library for mainframe DLm8700 Versions prior to 7.0.1.0 Version 7.0.1.0 or later https://www.dell.com/support/product-details/product/disk-library-for-mainframe-dlm8700/drivers
Disk Library for mainframe DLm2700 Versions prior to 7.0.1.0 Version 7.0.1.0 or later https://www.dell.com/support/product-details/product/disk-library-for-mainframe-dlm2700/drivers

 

Revisionsverlauf

RevisionDateDescription
1.02026-04-28Initial Release
2.02026-04-28Updated CVE description for CVE-2026-23773
3.02026-04-29Added CVE-2024-39279, CVE-2024-31157, CVE-2025-20064 to the advisory

 

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtlicher Hinweis

Betroffene Produkte

Disk Library, Disk Library for mainframe, Disk Library for mainframe DLm2700, Disk Library for mainframe DLm8700
Artikeleigenschaften
Artikelnummer: 000458131
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 29 Apr. 2026
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.