DSA-2022-112: DELL PowerFlex Security Update for Multiple Vulnerabilities
Summary: Remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Component | CVEs | More Information |
| PowerFlex components using OpenSSL | CVE-2021-3711, CVE-2021-3712, CVE-2022-0778 | OpenSSL is used by PowerFlex for secure communication between its different components. |
| PowerFlex Gateway using Spring4Shell | CVE-2022-22965 | Spring article: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement |
| PowerFlex Presentation server and Gateway using Java or OpenJDK | CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296 | Oracle article: https://www.oracle.com/security-alerts/cpujan2022.html#AppendixJAVA |
| PowerFlex Custom node R6525 | CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350 | Dell article: https://www.dell.com/support/kbdoc/en-vn/000199269/dsa-2022-126-dell-poweredge-server-security-updates-for-amd-server-vulnerabilities |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711, CVE-2021-3712, CVE-2022-0778 | OpenSSL used by PowerFlex Software | PowerFlex versions before 3.6.0.4 or latest SVM patch bundle. | PowerFlex 3.6.0.4 OVA includes this updated OpenSSL package; SVM Patch bundle from August 4, 2022 | PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest OVA); SVM_OS_Patching_package_04082022.zip (for use with manual SVM upgrade). For a customer-managed operating system, upgrade to an openssl-libs-1.0.2k-24 based package; an example for CentOS 7.9: openssl-libs-1.0.2k-24.el7_9.x86_64.rpm. |
| CVE-2022-22965 | PowerFlex Software | PowerFlex versions before 3.6.0.4 or 3.5.1.6 | PowerFlex 3.6.0.4; PowerFlex 3.5.1.6 and later versions | PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest PowerFlex Gateway rpm); PowerFlex_3.5.1.6_110_Complete_Software.zip (with latest PowerFlex Gateway rpm) |
| CVE-2021-21248, CVE-2021-21282, CVE-2021-21283, CVE-2021-21293, CVE-2021-21294, CVE-2021-21296 | PowerFlex Software | PowerFlex versions before 3.6.0.4 | PowerFlex 3.6.0.4 and later versions | PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest OVA). For a customer-managed operating system, a self-upgrade is required to a java-1.8.0-openjdk-headless-1.8.0.322 based package for the compatible operating system, or to the compatible Java version; an example for CentOS 7.9: java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9. Guidelines: Java upgrade prerequisites. |
| CVE-2021-26373, CVE-2021-26339, CVE-2021-26344, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26328 | R6525 custom node | BIOS versions before 2.6.6 for AMD | AMD BIOS: 2.6.6 | Downloads (when upgrading using OME); Documents (when upgrading manually) |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-05-02 | Initial Draft for review |
| 2.0 | 2022-05-03 | Clarified some OpenSSL upgrade info |
| 3.0 | 2022-05-06 | Updated CVEs for AMD issue based on new AMD-SN |
Affected Products
PowerFlex custom node, PowerFlex custom node, PowerFlex custom node R650, PowerFlex custom node R6525
Products
Product Security Information
Article Properties
Article Number: 000199942
Article Type: Dell Security Advisory
Last Modified: 05 Nov 2025