Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

DSA-2021-300: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage  Security Updates for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) and CVE-2021-45046

Summary: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...

This article applies to   This article does not apply to 
Check out resources for

Impact

Critical

Details

Third-party Component 

CVE 

More information 

Apache Log4j 

CVE-2021-44228, CVE-2021-45046 

Apache Log4j Remote Code Execution 

Third-party Component 

CVE 

More information 

Apache Log4j 

CVE-2021-44228, CVE-2021-45046 

Apache Log4j Remote Code Execution 
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Updated Versions Link to Update
vRO Plugin for Dell EMC PowerMax Version 1.2.3 or earlier  1.2.4 Support for vRealize Orchestrator (vRO) Platforms | Drivers & Downloads | Dell US
vRO Plugin for Dell EMC PowerScale Version 1.1.0 or earlier  1.1.1 Support for vRealize Orchestrator (vRO) Platforms | Drivers & Downloads | Dell US
vRO Plugin for Dell EMC PowerScale Version 1.0.3, 1.0.2, 1.0.1, and 1.0.0  1.0.4 Support for vRealize Orchestrator (vRO) Platforms | Drivers & Downloads | Dell US

Note:
Customers using vRO Plugin for Dell EMC PowerStore 1.1.4 (or earlier), Unity 1.0.7 (or earlier  and XtremIO 4.1.2 (or earlier) only need to apply the vRO mitigation, detailed in the Workaround and Mitigation section.
Product Affected Versions Updated Versions Link to Update
vRO Plugin for Dell EMC PowerMax Version 1.2.3 or earlier  1.2.4 Support for vRealize Orchestrator (vRO) Platforms | Drivers & Downloads | Dell US
vRO Plugin for Dell EMC PowerScale Version 1.1.0 or earlier  1.1.1 Support for vRealize Orchestrator (vRO) Platforms | Drivers & Downloads | Dell US
vRO Plugin for Dell EMC PowerScale Version 1.0.3, 1.0.2, 1.0.1, and 1.0.0  1.0.4 Support for vRealize Orchestrator (vRO) Platforms | Drivers & Downloads | Dell US

Note:
Customers using vRO Plugin for Dell EMC PowerStore 1.1.4 (or earlier), Unity 1.0.7 (or earlier  and XtremIO 4.1.2 (or earlier) only need to apply the vRO mitigation, detailed in the Workaround and Mitigation section.

Workarounds & Mitigations

Mitigation applicable to vRO Plugin for Dell EMC PowerMax, vRO Plugin for Dell EMC PowerScale, vRO Plugin for Dell EMC PowerStore, vRO Plugin for Dell EMC Unity, and vRO Plugin for Dell EMC XtremIO:

VMware has announced two KB articles to mitigate this vulnerability for VMware vRealize Orchestrator (vRO):

The corresponding patch information is found in:

Revision History

RevisionDateDescription
1.02021-12-17Initial Release
1.12022-01-04Provide more exact instructions for vRO Plugins for Dell EMC PowerStore, Unity and XtremIO.
1.22022-01-31Updated Remediation section to include 1.0.3, 1.0.2, 1.0.1 and 1.0.0

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Product Security Information, vRealize Orchestrator (vRO) Plug-in for PowerMax, vRealize Orchestrator (vRO) Plug-in for PowerScale

Products

vRealize Orchestrator (vRO) Plug-in for PowerStore, vRealize Orchestrator (vRO) Plug-in for Unity, vRealize Orchestrator (vRO) Plug-in for XtremIO