Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000189435


DSA-2021-148: Dell PowerFlex Appliance Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell PowerFlex Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

High

Details

Third-Party Component CVEs More information
Intel
 
CVE-2020-24511 INTEL-SA-00463
INTEL-SA-00464
 
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
Dell Server iDRAC CVE-2020-26198

DSA-2020-268: Dell EMC iDRAC9 Reflected XSS Vulnerability 

Third-Party Component CVEs More information
Intel
 
CVE-2020-24511 INTEL-SA-00463
INTEL-SA-00464
 
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
Dell Server iDRAC CVE-2020-26198

DSA-2020-268: Dell EMC iDRAC9 Reflected XSS Vulnerability 

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2020-24511 PowerFlex Appliance Versions before Intelligent Catalog 37.355.00.r16

Versions before Intelligent Catalog 37.361.00.r14
Intelligent Catalog 37.355.00.r16


Intelligent Catalog 37.361.00.r14
For IC downloads:
https://www.dell.com/support/home/en-us/product-support/product/vxflex-appliance-sw/drivers
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
CVE-2020-26198
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2020-24511 PowerFlex Appliance Versions before Intelligent Catalog 37.355.00.r16

Versions before Intelligent Catalog 37.361.00.r14
Intelligent Catalog 37.355.00.r16


Intelligent Catalog 37.361.00.r14
For IC downloads:
https://www.dell.com/support/home/en-us/product-support/product/vxflex-appliance-sw/drivers
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
CVE-2020-26198

Revision History

RevisionDateDescription
1.02021-07-07Initial Release
2.02021-07-14Removed VMware component which is addressed in DSA-2021-128: Dell PowerFlex Appliance Security Update for VMware vCenter Server Component Vulnerabilities

Related Information


Article Properties


Affected Product

PowerFlex Appliance, Product Security Information, PowerFlex appliance R640, PowerFlex appliance R740XD, PowerFlex appliance R840

Last Published Date

30 Jul 2021

Version

3

Article Type

Dell Security Advisory