DSA-2021-098: Dell VxRail Appliance Security Update for Multiple Vulnerabilities

Table of Contents

Detailed Article

Impact

Details

Affected Products & Remediation

Revision History

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2021-21508	Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.	6.7	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Third-Party Component	CVEs	More information
VMware ESXi	CVE-2021-21994	Severity: High, see VMSA-2021-0014.1
VMware ESXi	CVE-2021-21995	Severity: High, see VMSA-2021-0014.1
VxRail Manager: SUSE Grub2 and others	CVE-2020-14372	SUSE grub2 UEFI secure boot bypass issues SUSE updates
	CVE-2020-25632
	CVE-2020-25647
	CVE-2020-27749
	CVE-2020-27779
	CVE-2021-20225
	CVE-2021-20233
VxRail Manager: OpenSSL	CVE-2020-1971	OpenSSL
	CVE-2020-13935
	CVE-2020-17527
	CVE-2021-24122
	CVE-2020-25681
	CVE-2020-25682
	CVE-2020-25683
	CVE-2020-25684
	CVE-2020-25685
	CVE-2020-25686
	CVE-2020-25687
VxRail Node: Dell iDRAC8 Updates VxRail E460 VxRail E460F VxRail P470 VxRail P470F VxRail V470 VxRail V470F VxRail S470	CVE-2021-21510	DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection.
VxRail Node: Dell iDRAC9 Updates VxRail E560 VxRail E560F VxRail E560N VxRail P570 VxRail P570F VxRail V570 VxRail V570F VxRail G560 VxRail G560/F VxRail S570 VxRail P580N VxRail D560 VxRail D560F	CVE-2021-21539	DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities.
	CVE-2021-21540
	CVE-2021-21541
	CVE-2021-21542
	CVE-2021-21543
	CVE-2021-21544
VxRail Node: Dell iDRAC9 Updates VxRail E560 VxRail E560F VxRail E560N VxRail P570 VxRail P570F VxRail V570 VxRail V570F VxRail G560 VxRail G560/F VxRail S570 VxRail P580N VxRail D560 VxRail D560F	CVE-2021-21538	DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability.
VMware: Photon OS	CVE-2017-2616	Photon OS 3.0 Security Advisories.
	CVE-2018-1000654
	CVE-2018-18751
	CVE-2019-1010305
	CVE-2019-13139
	CVE-2019-13509
	CVE-2019-19906
	CVE-2019-19921
	CVE-2019-20795
	CVE-2019-20807
	CVE-2019-20838
	CVE-2020-14155
	CVE-2019-5188
	CVE-2019-7309
	CVE-2020-10543
	CVE-2020-10878
	CVE-2020-12723
	CVE-2020-11984
	CVE-2020-11993
	CVE-2020-12062
	CVE-2020-12243
	CVE-2020-13776
	CVE-2020-13943
	CVE-2020-14342
	CVE-2020-15025
	CVE-2020-15257
	CVE-2020-15358
	CVE-2020-1971
	CVE-2020-21674
	CVE-2020-24659
	CVE-2020-24977
	CVE-2020-25613
	CVE-2020-25694
	CVE-2020-25695
	CVE-2020-27619
	CVE-2020-27673
	CVE-2020-27675
	CVE-2020-8037
	CVE-2020-8284
	CVE-2020-8285
	CVE-2020-8286
	CVE-2020-8623
	CVE-2020-8624
	CVE-2020-9490
	CVE-2020-11984
	CVE-2020-11993

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2021-21508	Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.	6.7	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Third-Party Component	CVEs	More information
VMware ESXi	CVE-2021-21994	Severity: High, see VMSA-2021-0014.1
VMware ESXi	CVE-2021-21995	Severity: High, see VMSA-2021-0014.1
VxRail Manager: SUSE Grub2 and others	CVE-2020-14372	SUSE grub2 UEFI secure boot bypass issues SUSE updates
	CVE-2020-25632
	CVE-2020-25647
	CVE-2020-27749
	CVE-2020-27779
	CVE-2021-20225
	CVE-2021-20233
VxRail Manager: OpenSSL	CVE-2020-1971	OpenSSL
	CVE-2020-13935
	CVE-2020-17527
	CVE-2021-24122
	CVE-2020-25681
	CVE-2020-25682
	CVE-2020-25683
	CVE-2020-25684
	CVE-2020-25685
	CVE-2020-25686
	CVE-2020-25687
VxRail Node: Dell iDRAC8 Updates VxRail E460 VxRail E460F VxRail P470 VxRail P470F VxRail V470 VxRail V470F VxRail S470	CVE-2021-21510	DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection.
VxRail Node: Dell iDRAC9 Updates VxRail E560 VxRail E560F VxRail E560N VxRail P570 VxRail P570F VxRail V570 VxRail V570F VxRail G560 VxRail G560/F VxRail S570 VxRail P580N VxRail D560 VxRail D560F	CVE-2021-21539	DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities.
	CVE-2021-21540
	CVE-2021-21541
	CVE-2021-21542
	CVE-2021-21543
	CVE-2021-21544
VxRail Node: Dell iDRAC9 Updates VxRail E560 VxRail E560F VxRail E560N VxRail P570 VxRail P570F VxRail V570 VxRail V570F VxRail G560 VxRail G560/F VxRail S570 VxRail P580N VxRail D560 VxRail D560F	CVE-2021-21538	DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability.
VMware: Photon OS	CVE-2017-2616	Photon OS 3.0 Security Advisories.
	CVE-2018-1000654
	CVE-2018-18751
	CVE-2019-1010305
	CVE-2019-13139
	CVE-2019-13509
	CVE-2019-19906
	CVE-2019-19921
	CVE-2019-20795
	CVE-2019-20807
	CVE-2019-20838
	CVE-2020-14155
	CVE-2019-5188
	CVE-2019-7309
	CVE-2020-10543
	CVE-2020-10878
	CVE-2020-12723
	CVE-2020-11984
	CVE-2020-11993
	CVE-2020-12062
	CVE-2020-12243
	CVE-2020-13776
	CVE-2020-13943
	CVE-2020-14342
	CVE-2020-15025
	CVE-2020-15257
	CVE-2020-15358
	CVE-2020-1971
	CVE-2020-21674
	CVE-2020-24659
	CVE-2020-24977
	CVE-2020-25613
	CVE-2020-25694
	CVE-2020-25695
	CVE-2020-27619
	CVE-2020-27673
	CVE-2020-27675
	CVE-2020-8037
	CVE-2020-8284
	CVE-2020-8285
	CVE-2020-8286
	CVE-2020-8623
	CVE-2020-8624
	CVE-2020-9490
	CVE-2020-11984
	CVE-2020-11993

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed	Product	Affected Versions	Updated Versions
See table above	Dell VxRail Appliance	7.0.x versions before 7.0.200	7.0.200

CVEs Addressed	Product	Affected Versions	Updated Versions
See table above	Dell VxRail Appliance	7.0.x versions before 7.0.200	7.0.200

Revision History

Revision	Date	Description
1.0	2021-05-10	Initial Release
1.1	2021-05-11	Updated with DSA-2021-082 after embargo date.
1.2	2021-08-05	Updated with VMSA-2021-0014 after embargo date.
1.3	2022-11-22	Updated with additional CVEs

Related Information

Legal Disclaimer

Affected Products

VxRail, Product Security Information

Article Number: 000186422

Article Type: Dell Security Advisory

Last Modified: 19 Sep 2025

Check if your device is covered by Support Services.

DSA-2021-098: Dell VxRail Appliance Security Update for Multiple Vulnerabilities

Summary: Dell VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Impact

Details

Affected Products & Remediation

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services