Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000200893


DSA-2022-155: Dell SRM and Dell Storage Monitoring and Reporting Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Multiple components within Dell SRM and Dell SMR require a security update to address various vulnerabilities.

Article Content


Impact

Critical

Details

Third-party Component CVEs More information (check for below links for individual scores for each CVE)
SuSE Linux Binaries
*Only for vApp.
CVE-2017-17095 https://www.suse.com/security/cve/CVE-2017-17095.html
CVE-2018-25032 https://www.suse.com/security/cve/CVE-2018-25032.html
CVE-2019-17546 https://www.suse.com/security/cve/CVE-2019-17546.html
CVE-2020-25721 https://www.suse.com/security/cve/CVE-2020-25721.html
CVE-2021-3800 https://www.suse.com/security/cve/CVE-2021-3800.html
CVE-2021-4115 https://www.suse.com/security/cve/CVE-2021-4115.html
CVE-2021-20316 https://www.suse.com/security/cve/CVE-2021-20316.html
CVE-2021-22946 https://www.suse.com/security/cve/CVE-2021-22946.html
CVE-2021-25220 https://www.suse.com/security/cve/CVE-2021-25220.html
CVE-2021-39713 https://www.suse.com/security/cve/CVE-2021-39713.html
CVE-2021-44142 https://www.suse.com/security/cve/CVE-2021-44142.html
CVE-2022-0336 https://www.suse.com/security/cve/CVE-2022-0336.html
CVE-2022-0778 https://www.suse.com/security/cve/CVE-2022-0778.html
CVE-2022-1271 https://www.suse.com/security/cve/CVE-2022-1271.html
CVE-2022-22844 https://www.suse.com/security/cve/CVE-2022-22844.html
CVE-2022-23219 https://www.suse.com/security/cve/CVE-2022-23219.html
CVE-2022-24407 https://www.suse.com/security/cve/CVE-2022-24407.html
CVE-2022-24448 https://www.suse.com/security/cve/CVE-2022-24448.html
CVE-2022-25235 https://www.suse.com/security/cve/CVE-2022-25235.html
CVE-2022-25236 https://www.suse.com/security/cve/CVE-2022-25236.html
CVE-2022-25315 https://www.suse.com/security/cve/CVE-2022-25315.html
Java CVE-2022-21271 https://nvd.nist.gov/vuln/detail/CVE-2022-21271
CVE-2022-21277 https://nvd.nist.gov/vuln/detail/CVE-2022-21277
CVE-2022-21282 https://nvd.nist.gov/vuln/detail/CVE-2022-21282
CVE-2022-21291 https://nvd.nist.gov/vuln/detail/CVE-2022-21291
CVE-2022-21293 https://nvd.nist.gov/vuln/detail/CVE-2022-21293
CVE-2022-21294 https://nvd.nist.gov/vuln/detail/CVE-2022-21294
CVE-2022-21296 https://nvd.nist.gov/vuln/detail/CVE-2022-21296
CVE-2022-21299 https://nvd.nist.gov/vuln/detail/CVE-2022-21299
CVE-2022-21305 https://nvd.nist.gov/vuln/detail/CVE-2022-21305
CVE-2022-21340 https://nvd.nist.gov/vuln/detail/CVE-2022-21340
CVE-2022-21341 https://nvd.nist.gov/vuln/detail/CVE-2022-21341
CVE-2022-21349 https://nvd.nist.gov/vuln/detail/CVE-2022-21349
CVE-2022-21360 https://nvd.nist.gov/vuln/detail/CVE-2022-21360
CVE-2022-21365 https://nvd.nist.gov/vuln/detail/CVE-2022-21365
MySQL CVE-2022-21270 https://nvd.nist.gov/vuln/detail/CVE-2022-21270
CVE-2022-21303 https://nvd.nist.gov/vuln/detail/CVE-2022-21303
CVE-2022-21304 https://nvd.nist.gov/vuln/detail/CVE-2022-21304
CVE-2022-21344 https://nvd.nist.gov/vuln/detail/CVE-2022-21344
CVE-2022-21367 https://nvd.nist.gov/vuln/detail/CVE-2022-21367
CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946
Tomcat CVE-2022-23181 https://nvd.nist.gov/vuln/detail/CVE-2022-23181
Struts2 CVE-2021-31805 https://nvd.nist.gov/vuln/detail/CVE-2021-31805
Dom4j CVE-2020-10683 https://nvd.nist.gov/vuln/detail/CVE-2020-10683
Logback CVE-2017-5929 https://nvd.nist.gov/vuln/detail/CVE-2017-5929
Apache Camel CVE-2018-8027 https://nvd.nist.gov/vuln/detail/CVE-2018-8027
CVE-2020-11972 https://nvd.nist.gov/vuln/detail/CVE-2020-11972
Netty CVE-2019-20445 https://nvd.nist.gov/vuln/detail/CVE-2019-20445
H2 Database Engine CVE-2021-23463 https://nvd.nist.gov/vuln/detail/CVE-2021-23463
Spring Framework CVE-2018-1270 https://nvd.nist.gov/vuln/detail/CVE-2018-1270
 
CVE-2018-1275 https://nvd.nist.gov/vuln/detail/CVE-2018-1275

Third-party Component CVEs More information (check for below links for individual scores for each CVE)
SuSE Linux Binaries
*Only for vApp.
CVE-2017-17095 https://www.suse.com/security/cve/CVE-2017-17095.html
CVE-2018-25032 https://www.suse.com/security/cve/CVE-2018-25032.html
CVE-2019-17546 https://www.suse.com/security/cve/CVE-2019-17546.html
CVE-2020-25721 https://www.suse.com/security/cve/CVE-2020-25721.html
CVE-2021-3800 https://www.suse.com/security/cve/CVE-2021-3800.html
CVE-2021-4115 https://www.suse.com/security/cve/CVE-2021-4115.html
CVE-2021-20316 https://www.suse.com/security/cve/CVE-2021-20316.html
CVE-2021-22946 https://www.suse.com/security/cve/CVE-2021-22946.html
CVE-2021-25220 https://www.suse.com/security/cve/CVE-2021-25220.html
CVE-2021-39713 https://www.suse.com/security/cve/CVE-2021-39713.html
CVE-2021-44142 https://www.suse.com/security/cve/CVE-2021-44142.html
CVE-2022-0336 https://www.suse.com/security/cve/CVE-2022-0336.html
CVE-2022-0778 https://www.suse.com/security/cve/CVE-2022-0778.html
CVE-2022-1271 https://www.suse.com/security/cve/CVE-2022-1271.html
CVE-2022-22844 https://www.suse.com/security/cve/CVE-2022-22844.html
CVE-2022-23219 https://www.suse.com/security/cve/CVE-2022-23219.html
CVE-2022-24407 https://www.suse.com/security/cve/CVE-2022-24407.html
CVE-2022-24448 https://www.suse.com/security/cve/CVE-2022-24448.html
CVE-2022-25235 https://www.suse.com/security/cve/CVE-2022-25235.html
CVE-2022-25236 https://www.suse.com/security/cve/CVE-2022-25236.html
CVE-2022-25315 https://www.suse.com/security/cve/CVE-2022-25315.html
Java CVE-2022-21271 https://nvd.nist.gov/vuln/detail/CVE-2022-21271
CVE-2022-21277 https://nvd.nist.gov/vuln/detail/CVE-2022-21277
CVE-2022-21282 https://nvd.nist.gov/vuln/detail/CVE-2022-21282
CVE-2022-21291 https://nvd.nist.gov/vuln/detail/CVE-2022-21291
CVE-2022-21293 https://nvd.nist.gov/vuln/detail/CVE-2022-21293
CVE-2022-21294 https://nvd.nist.gov/vuln/detail/CVE-2022-21294
CVE-2022-21296 https://nvd.nist.gov/vuln/detail/CVE-2022-21296
CVE-2022-21299 https://nvd.nist.gov/vuln/detail/CVE-2022-21299
CVE-2022-21305 https://nvd.nist.gov/vuln/detail/CVE-2022-21305
CVE-2022-21340 https://nvd.nist.gov/vuln/detail/CVE-2022-21340
CVE-2022-21341 https://nvd.nist.gov/vuln/detail/CVE-2022-21341
CVE-2022-21349 https://nvd.nist.gov/vuln/detail/CVE-2022-21349
CVE-2022-21360 https://nvd.nist.gov/vuln/detail/CVE-2022-21360
CVE-2022-21365 https://nvd.nist.gov/vuln/detail/CVE-2022-21365
MySQL CVE-2022-21270 https://nvd.nist.gov/vuln/detail/CVE-2022-21270
CVE-2022-21303 https://nvd.nist.gov/vuln/detail/CVE-2022-21303
CVE-2022-21304 https://nvd.nist.gov/vuln/detail/CVE-2022-21304
CVE-2022-21344 https://nvd.nist.gov/vuln/detail/CVE-2022-21344
CVE-2022-21367 https://nvd.nist.gov/vuln/detail/CVE-2022-21367
CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946
Tomcat CVE-2022-23181 https://nvd.nist.gov/vuln/detail/CVE-2022-23181
Struts2 CVE-2021-31805 https://nvd.nist.gov/vuln/detail/CVE-2021-31805
Dom4j CVE-2020-10683 https://nvd.nist.gov/vuln/detail/CVE-2020-10683
Logback CVE-2017-5929 https://nvd.nist.gov/vuln/detail/CVE-2017-5929
Apache Camel CVE-2018-8027 https://nvd.nist.gov/vuln/detail/CVE-2018-8027
CVE-2020-11972 https://nvd.nist.gov/vuln/detail/CVE-2020-11972
Netty CVE-2019-20445 https://nvd.nist.gov/vuln/detail/CVE-2019-20445
H2 Database Engine CVE-2021-23463 https://nvd.nist.gov/vuln/detail/CVE-2021-23463
Spring Framework CVE-2018-1270 https://nvd.nist.gov/vuln/detail/CVE-2018-1270
 
CVE-2018-1275 https://nvd.nist.gov/vuln/detail/CVE-2018-1275

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Versions Updated Versions Link to Update  
Dell SRM Versions before 4.7.1.0 4.7.1.0 https://support.emc.com/downloads/34247_SRM  
 
Dell SRM vApp Versions before 4.7.1.0 4.7.1.0 https://support.emc.com/downloads/34247_SRM  
Dell SMR Versions before 4.7.1.0 4.7.1.0 https://support.emc.com/downloads/40532_SMR  
Dell SMR vApp Versions before 4.7.1.0 4.7.1.0 https://support.emc.com/downloads/40532_SMR  
 
Product Affected Versions Updated Versions Link to Update  
Dell SRM Versions before 4.7.1.0 4.7.1.0 https://support.emc.com/downloads/34247_SRM  
 
Dell SRM vApp Versions before 4.7.1.0 4.7.1.0 https://support.emc.com/downloads/34247_SRM  
Dell SMR Versions before 4.7.1.0 4.7.1.0 https://support.emc.com/downloads/40532_SMR  
Dell SMR vApp Versions before 4.7.1.0 4.7.1.0 https://support.emc.com/downloads/40532_SMR  
 
Revision History

RevisionDateDescription
1.02022-06-28DSA for Dell SRM/SMR

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

EMC Storage Monitoring and Reporting, Product Security Information, SRM

Product

Storage Monitoring and Reporting

Last Published Date

29 Jun 2022

Version

1

Article Type

Dell Security Advisory