Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000191384


DSA-2021-179: Dell EMC VxRail Appliance Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Third-party Component Third-party Package CVEs Severity More information
iDRAC iDRAC8 CVE-2021-21580 High Refer to DSA-2021-133
VMware vCenter Server 7.0   CVE-2021-22005 Critical See VMSA-2021-0020 for details.
CVE-2021-21991 High
CVE-2021-21992
CVE-2021-21993
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22014
CVE-2021-22015
CVE-2021-22019
CVE-2021-22020
VMWare: Photon OS patches gnutls CVE-2021-20231 Critical See the Photon OS Security Patches page for details.
grub2 CVE-2021-20232
CVE-2021-3418
nss CVE-2020-12403
apache-tomcat CVE-2021-25122 High
CVE-2021-25329
atftp CVE-2020-6097
bindutils CVE-2020-8625
c-ares CVE-2020-8277
dnsmasq CVE-2020-25681
CVE-2020-25682
glib CVE-2021-27218
CVE-2021-27219
glibc CVE-2021-3326
linux CVE-2021-3444
CVE-2021-23133
CVE-2020-29569
CVE-2020-29661
CVE-2021-3347
CVE-2021-26930
CVE-2021-27365
CVE-2021-28660
CVE-2021-28972
nettle CVE-2021-20305
openldap CVE-2020-36221
CVE-2020-36222
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36226
CVE-2020-36227
CVE-2020-36228
CVE-2020-36229
CVE-2020-36230
CVE-2021-27212
openssl CVE-2021-23839
CVE-2021-23840
runc CVE-2021-30465
sudo CVE-2021-23240
CVE-2021-3156
containerd CVE-2021-21334 Medium
Third-party Component Third-party Package CVEs Severity More information
iDRAC iDRAC8 CVE-2021-21580 High Refer to DSA-2021-133
VMware vCenter Server 7.0   CVE-2021-22005 Critical See VMSA-2021-0020 for details.
CVE-2021-21991 High
CVE-2021-21992
CVE-2021-21993
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22014
CVE-2021-22015
CVE-2021-22019
CVE-2021-22020
VMWare: Photon OS patches gnutls CVE-2021-20231 Critical See the Photon OS Security Patches page for details.
grub2 CVE-2021-20232
CVE-2021-3418
nss CVE-2020-12403
apache-tomcat CVE-2021-25122 High
CVE-2021-25329
atftp CVE-2020-6097
bindutils CVE-2020-8625
c-ares CVE-2020-8277
dnsmasq CVE-2020-25681
CVE-2020-25682
glib CVE-2021-27218
CVE-2021-27219
glibc CVE-2021-3326
linux CVE-2021-3444
CVE-2021-23133
CVE-2020-29569
CVE-2020-29661
CVE-2021-3347
CVE-2021-26930
CVE-2021-27365
CVE-2021-28660
CVE-2021-28972
nettle CVE-2021-20305
openldap CVE-2020-36221
CVE-2020-36222
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36226
CVE-2020-36227
CVE-2020-36228
CVE-2020-36229
CVE-2020-36230
CVE-2021-27212
openssl CVE-2021-23839
CVE-2021-23840
runc CVE-2021-30465
sudo CVE-2021-23240
CVE-2021-3156
containerd CVE-2021-21334 Medium

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Versions Updated Version
Dell EMC VxRail Appliance 7.0.x versions before 7.0.240 7.0.240
Product Affected Versions Updated Version
Dell EMC VxRail Appliance 7.0.x versions before 7.0.240 7.0.240
Revision History

RevisionDateDescription
1.02021-9-3Initial Release
1.12021-10-04Updated with VMSA-2021-0020 after embargo date
1.22021-10-26Updated with iDRAC CVE
1.32021-11-03Removed iDRAC 9 CVE
1.42022-01-10Added VMware Photon OS linux patches - CVE-2021-3444 and CVE-2021-23133

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

VxRail, Product Security Information

Last Published Date

10 Jan 2022

Version

6

Article Type

Dell Security Advisory