Dell EMC ViPR Controller False Positive Security Vulnerabilities

Summary: This article provides a list of security vulnerabilities that cannot be exploited on Dell EMC ViPR Controller, but which may be identified by security scanners.

Security Article Type

CVE Identifier

Issue Summary

Details

Recommendations

Legal Disclaimer

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Security Article Type

Security KB

CVE Identifier

The CVE IDs are listed in the table below.

Issue Summary

See the Recommendation section below for details on each CVE.

Details

All supported ViPR Controller versions including 3.6.2.6 (latest GA version).

Recommendations

The vulnerabilities listed in the table below are in order by the date on which ViPR Controller Engineering determined that ViPR Controller 3.6.2.x was not vulnerable.

Third-party Component	CVE IDs	Summary of Vulnerability	Reason why Product is not Vulnerable	Date Determined False Positive
Log4j 1.2	CVE-2021-4104	Requires use of JMSAppender, a nonstandard configuration	The flaw does not exist and is not vulnerable since JMSAppender is not used with ViPR Controller Product.	22-December-2021
Log4j 1.2	CVE-2019-17571	Requires use of SocketServer, a nonstandard configuration	The flaw does not exist and is not vulnerable since SocketServer is not used with ViPR Controller Product.	22-December-2021
Log4j 1.2	CVE-2022-23302	Apache log4j JMSSink Deserialization Code Execution Vulnerability	The flaw does not exist and is not vulnerable since JMSSink is not used with ViPR Controller Product.	4-February-2022
Log4j 1.2	CVE-2022-23305	Apache log4j JDBCAppender SQL Injection Vulnerability	The flaw does not exist and is not vulnerable since JDBCAppender is not used with ViPR Controller Product.	4-February-2022
Log4j 1.2	CVE-2022-23307	Apache log4j Chainsaw Deserialization Code Execution Vulnerability	The flaw does not exist and is not vulnerable since Chainsaw is not used with ViPR Controller Product.	4-February-2022

Legal Disclaimer

Article Number: 000194993

Article Type: Security KB

Last Modified: 01 Mar 2022

Version: 2

Check if your device is covered by Support Services.

Dell EMC ViPR Controller False Positive Security Vulnerabilities

Summary: This article provides a list of security vulnerabilities that cannot be exploited on Dell EMC ViPR Controller, but which may be identified by security scanners.

Security Article Type

CVE Identifier

Issue Summary

Details

Recommendations

Legal Disclaimer

Security Article Type

CVE Identifier

Issue Summary

Details

Recommendations

Legal Disclaimer

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services

Dell EMC ViPR Controller False Positive Security Vulnerabilities

Summary: This article provides a list of security vulnerabilities that cannot be exploited on Dell EMC ViPR Controller, but which may be identified by security scanners.

Detailed Article

Security Article Type

CVE Identifier

Issue Summary

Details

Recommendations

Legal Disclaimer

Security Article Type

CVE Identifier

Issue Summary

Details

Recommendations

Legal Disclaimer

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services