Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000194656


DSA-2021-263: Dell EMC Elastic Cloud Storage Security Update for Third-Party Vulnerabilities

Summary: Dell EMC Elastic Cloud Storage 3.6.2.1 or later version contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affectedSee more

Article Content


Impact

Critical

Details

Third-party Component CVEs More Information
apache ant CVE-2020-11979 See NVD (http://nvd.nist.gov/ ) for individual scores for each CVE.
apache thrift CVE-2020-13949
Apache log4j CVE-2021-44228
  CVE-2021-45046
apache2 CVE-2020-35452
  CVE-2021-26690
  CVE-2021-26691
  CVE-2021-30641
  CVE-2021-31618
bind CVE-2020-8625
  CVE-2021-25214
  CVE-2021-25215
cpio CVE-2021-38185
curl CVE-2020-8231
  CVE-2020-8284
  CVE-2020-8285
  CVE-2020-8286
  CVE-2021-22876
  CVE-2021-22898
  CVE-2021-22922
  CVE-2021-22923
  CVE-2021-22924
  CVE-2021-22925
cyrus-sasl CVE-2019-19906
dbus-1 CVE-2020-12049
  CVE-2020-35512
dhcp CVE-2021-25217
file CVE-2019-18218
FLAC CVE-2020-0499
glib2 CVE-2021-27218
  CVE-2021-27219
libesmtp CVE-2019-19977
libgcrypt CVE-2021-33560
libnettle CVE-2021-3580
libsndfile CVE-2018-13139
  CVE-2018-19432
  CVE-2018-19758
  CVE-2021-3246
libsolv CVE-2019-20387
libsolv CVE-2021-3200
libxml2 CVE-2021-3516
  CVE-2021-3517
  CVE-2021-3518
  CVE-2021-3537
nghttp2 CVE-2016-1544
  CVE-2018-1000168
  CVE-2019-9511
  CVE-2019-9513
  CVE-2020-11080
ntp CVE-2018-8956
  CVE-2020-11868
  CVE-2020-13817
  CVE-2020-15025
openldap2 CVE-2020-25692
  CVE-2020-36221
  CVE-2020-36222
  CVE-2020-36223
  CVE-2020-36224
  CVE-2020-36225
  CVE-2020-36226
  CVE-2020-36227
  CVE-2020-36228
  CVE-2020-36229
  CVE-2020-36230
  CVE-2020-8023
  CVE-2021-27212
openssl-1_0_0 CVE-2021-23840
  CVE-2021-23841
  CVE-2021-3712
Permissions  CVE-2020-8025
python CVE-2019-20916
  CVE-2021-3177  
python-cryptography CVE-2020-36242  
python-PyYAML CVE-2020-14343  
screen CVE-2021-26937  
Spring Framework CVE-2018-15756  
sqlite3 CVE-2015-3414  
  CVE-2015-3415  
  CVE-2016-6153  
  CVE-2017-10989  
  CVE-2017-2518  
  CVE-2018-20346  
  CVE-2018-8740  
  CVE-2019-16168  
  CVE-2019-19244  
  CVE-2019-19317  
  CVE-2019-19603  
  CVE-2019-19645  
  CVE-2019-19646  
  CVE-2019-19880  
  CVE-2019-19923  
  CVE-2019-19924  
  CVE-2019-19925  
  CVE-2019-19926  
  CVE-2019-19959  
  CVE-2019-20218  
  CVE-2019-8457  
  CVE-2020-13434  
  CVE-2020-13435  
  CVE-2020-13630  
  CVE-2020-13631  
  CVE-2020-13632  
  CVE-2020-15358  
  CVE-2020-9327  
Third-party Component CVEs More Information
apache ant CVE-2020-11979 See NVD (http://nvd.nist.gov/ ) for individual scores for each CVE.
apache thrift CVE-2020-13949
Apache log4j CVE-2021-44228
  CVE-2021-45046
apache2 CVE-2020-35452
  CVE-2021-26690
  CVE-2021-26691
  CVE-2021-30641
  CVE-2021-31618
bind CVE-2020-8625
  CVE-2021-25214
  CVE-2021-25215
cpio CVE-2021-38185
curl CVE-2020-8231
  CVE-2020-8284
  CVE-2020-8285
  CVE-2020-8286
  CVE-2021-22876
  CVE-2021-22898
  CVE-2021-22922
  CVE-2021-22923
  CVE-2021-22924
  CVE-2021-22925
cyrus-sasl CVE-2019-19906
dbus-1 CVE-2020-12049
  CVE-2020-35512
dhcp CVE-2021-25217
file CVE-2019-18218
FLAC CVE-2020-0499
glib2 CVE-2021-27218
  CVE-2021-27219
libesmtp CVE-2019-19977
libgcrypt CVE-2021-33560
libnettle CVE-2021-3580
libsndfile CVE-2018-13139
  CVE-2018-19432
  CVE-2018-19758
  CVE-2021-3246
libsolv CVE-2019-20387
libsolv CVE-2021-3200
libxml2 CVE-2021-3516
  CVE-2021-3517
  CVE-2021-3518
  CVE-2021-3537
nghttp2 CVE-2016-1544
  CVE-2018-1000168
  CVE-2019-9511
  CVE-2019-9513
  CVE-2020-11080
ntp CVE-2018-8956
  CVE-2020-11868
  CVE-2020-13817
  CVE-2020-15025
openldap2 CVE-2020-25692
  CVE-2020-36221
  CVE-2020-36222
  CVE-2020-36223
  CVE-2020-36224
  CVE-2020-36225
  CVE-2020-36226
  CVE-2020-36227
  CVE-2020-36228
  CVE-2020-36229
  CVE-2020-36230
  CVE-2020-8023
  CVE-2021-27212
openssl-1_0_0 CVE-2021-23840
  CVE-2021-23841
  CVE-2021-3712
Permissions  CVE-2020-8025
python CVE-2019-20916
  CVE-2021-3177  
python-cryptography CVE-2020-36242  
python-PyYAML CVE-2020-14343  
screen CVE-2021-26937  
Spring Framework CVE-2018-15756  
sqlite3 CVE-2015-3414  
  CVE-2015-3415  
  CVE-2016-6153  
  CVE-2017-10989  
  CVE-2017-2518  
  CVE-2018-20346  
  CVE-2018-8740  
  CVE-2019-16168  
  CVE-2019-19244  
  CVE-2019-19317  
  CVE-2019-19603  
  CVE-2019-19645  
  CVE-2019-19646  
  CVE-2019-19880  
  CVE-2019-19923  
  CVE-2019-19924  
  CVE-2019-19925  
  CVE-2019-19926  
  CVE-2019-19959  
  CVE-2019-20218  
  CVE-2019-8457  
  CVE-2020-13434  
  CVE-2020-13435  
  CVE-2020-13630  
  CVE-2020-13631  
  CVE-2020-13632  
  CVE-2020-15358  
  CVE-2020-9327  

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Versions Updated Versions Link to Update
Dell EMC Elastic Cloud Storage ECS version 3.6.2.0 and earlier ECS 3.6.2.1 or later https://www.dell.com/support/home/en-us/product-support/product/ecs-appliance-/overview
 
         
Product Affected Versions Updated Versions Link to Update
Dell EMC Elastic Cloud Storage ECS version 3.6.2.0 and earlier ECS 3.6.2.1 or later https://www.dell.com/support/home/en-us/product-support/product/ecs-appliance-/overview
 
         
Revision History

RevisionDateDescription
1.020/12/2021Initial Release
2.006/01/2022Edited the Updated Version(s)

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.

Article Properties


Affected Product

Elastic Cloud Storage, Product Security Information

Last Published Date

07 Jan 2022

Version

2

Article Type

Dell Security Advisory

Rate This Article


Accurate
Useful
Easy to Understand
Was this article helpful?

0/3000 characters