
Article Number: 000185484


DSA-2021-083: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

Summary: Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Proprietary Code CVE(s): CVE-2021-21547
Description: Dell Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
CVSS Base Score: 6.4
CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Third-Party Component: Apache-Tomcat
CVE(s): CVE-2019-0221, CVE-2019-0232, CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2019-12418, CVE-2020-13935, CVE-2019-17563, CVE-2019-17569
More information: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Third-Party Component: Oracle Java SE
CVE(s): CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803
More information: Oracle Critical Patch Update - October 2020

Third-Party Component: Apache2
CVE(s): CVE-2020-1927, CVE-2020-1934, CVE-2020-1938
More information: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Third-Party Component: Python
CVE(s): CVE-2020-8492, CVE-2019-9674, CVE-2019-18348
More information: See NVD (http://nvd.nist.gov/) for individual scores for each CVE


Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product: Dell Unity Operating Environment (OE)
Affected Version(s): Versions prior to 5.0.7.0.5.008
Updated Version(s): 5.0.7.0.5.008
Link to Update: https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers

Product: Dell Unity XT Operating Environment (OE)
Affected Version(s): Versions prior to 5.0.7.0.5.008
Updated Version(s): 5.0.7.0.5.008

Product: Dell UnityVSA Operating Environment (OE)
Affected Version(s): Versions prior to 5.0.7.0.5.008
Updated Version(s): 5.0.7.0.5.008


Workarounds and Mitigations

Proprietary Code CVE(s): CVE-2021-21547
Workaround: Be sure to always use the latest version of the Dell Upgrade Readiness Utility. Older versions of the Upgrade Readiness Utility may log Unisphere Administrator credentials on Dell Unity, Dell UnityVSA, and Dell Unity XT products running on versions prior to OE 5.0.7.0.5.008. If an older version of the Upgrade Readiness Utility has been run on Dell EMC Unity, Dell UnityVSA, and Dell Unity XT products using versions prior to OE 5.0.7.0.5.008, then change the Administrator password immediately.

Revision History

Revision: 1.0
Date: 2021-04-19
Description: Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

Dell EMC Unity, Product Security Information, Dell EMC Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, UnityVSA, Dell EMC UnityVSA (Virtual Storage Appliance)

Last Published Date

19 Apr 2021

Version

1

Article Type

Dell Security Advisory