DSA-2021-292: Dell PowerFlex Rack Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

Table of Contents

Detailed Article

Impact

Details

Affected Products & Remediation

Revision History

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell PowerFlex Rack remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Third-party Component	CVEs	More information
Apache Log4j	CVE-2021-44228	Apache Log4j Remote Code Execution
	CVE-2021-45046
	CVE-2021-45105

Third-party Component	CVEs	More information
Apache Log4j	CVE-2021-44228	Apache Log4j Remote Code Execution
	CVE-2021-45046
	CVE-2021-45105

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Affected Products and Remediation:

CVEs	Product	Affected Versions	Updated Versions	Link to update
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.5 train: Versions before 3.5.6.0 RCM 3.6 train: Versions before 3.6.2.0	RCM 3.5 train: Version 3.5.6.1 RCM 3.6 train: Versions 3.6.2.1	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.3 train: Versions before 3.3.11.0 RCM 3.4 train: Versions before 3.4.6.0	RCM 3.3 train: Versions 3.3.11.3 RCM 3.4 train: Versions 3.4.6.3

Affected Components in the Product:

Component	Affected Versions	Updated Versions	Link to update
Dell PowerFlex Presentation Server	3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2	Versions 3.6.0.3 and 3.5.1.5	PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272
Dell PowerFlex Manager	3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0	Version 3.8.0 (Build Number 3.8.0-8187)	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
VMware vCenter Server Appliance	6.5, 6.7, and 7.0	VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

Affected Products and Remediation:

CVEs	Product	Affected Versions	Updated Versions	Link to update
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.5 train: Versions before 3.5.6.0 RCM 3.6 train: Versions before 3.6.2.0	RCM 3.5 train: Version 3.5.6.1 RCM 3.6 train: Versions 3.6.2.1	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.3 train: Versions before 3.3.11.0 RCM 3.4 train: Versions before 3.4.6.0	RCM 3.3 train: Versions 3.3.11.3 RCM 3.4 train: Versions 3.4.6.3

Affected Components in the Product:

Component	Affected Versions	Updated Versions	Link to update
Dell PowerFlex Presentation Server	3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2	Versions 3.6.0.3 and 3.5.1.5	PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272
Dell PowerFlex Manager	3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0	Version 3.8.0 (Build Number 3.8.0-8187)	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
VMware vCenter Server Appliance	6.5, 6.7, and 7.0	VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

Revision History

Revision	Date	Description
1.0	2021-12-14	Initial Release
1.1	2021-12-17	Added VMware vCenter Server Appliance workaround KB article link.
1.2	2021-12-22	Added CVE-2021-45105 and remediation guidance
1.3	2022-01-06	Added new ZIP with Log4j 2.17.1 remediation
2.0	2022-02-09	Minor update - Workarounds and Mitigations - PowerFlex Manager section
3.0	2022-02-25	Updated Affected Products and Remediation section, added links to update
4.0	2022-06-01	Update the VMware vCenter Server Appliance links to update

Related Information

Legal Disclaimer

Affected Products

PowerFlex rack

Products

Product Security Information, VMware vCenter Server

Article Number: 000194578

Article Type: Dell Security Advisory

Last Modified: 01 Jun 2022

Check if your device is covered by Support Services.

DSA-2021-292: Dell PowerFlex Rack Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

Impact

Details

Affected Products & Remediation

Revision History

Related Information

Legal Disclaimer

Affected Products

Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services