Article Number: 000198226
Critical
Third-party Component | CVEs | More Information |
VMware vCenter | CVE-2022-22948 | For more information, see VMware article VMSA-2022-0009 |
VMware ESXi | CVE-2015-5180 | GNU C Library |
CVE-2015-8777 | ||
CVE-2015-8982 | ||
CVE-2016-10739 | ||
CVE-2016-3706 | ||
CVE-2017-1000366 | ||
CVE-2018-1000001 | ||
CVE-2018-19591 | ||
CVE-2019-19126 | ||
CVE-2020-10029 | ||
CVE-2021-29921 | Python third party library | |
VxM SUSE Vulnerabilities | CVE-2020-12762 | |
CVE-2020-13645 | ||
CVE-2020-27820 | ||
CVE-2020-27825 | ||
CVE-2020-29361 | ||
CVE-2020-8927 | ||
CVE-2021-0941 | ||
CVE-2021-20322 | ||
CVE-2021-22600 | ||
CVE-2021-23214 | ||
CVE-2021-23222 | ||
CVE-2021-28711 | ||
CVE-2021-28712 | ||
CVE-2021-28713 | ||
CVE-2021-28714 | ||
CVE-2021-28715 | ||
CVE-2021-31916 | ||
CVE-2021-33098 | ||
CVE-2021-3426 | ||
CVE-2021-34981 | ||
CVE-2021-3572 | ||
CVE-2021-37159 | ||
CVE-2021-3733 | ||
CVE-2021-3737 | ||
CVE-2021-39648 | ||
CVE-2021-39657 | ||
CVE-2021-4001 | ||
CVE-2021-4002 | ||
CVE-2021-4083 | ||
CVE-2021-4104 | ||
CVE-2021-4135 | ||
CVE-2021-4149 | ||
CVE-2021-4197 | ||
CVE-2021-4202 | ||
CVE-2021-42771 | ||
CVE-2021-43389 | ||
CVE-2021-43527 | ||
CVE-2021-43618 | ||
CVE-2021-43784 | ||
CVE-2021-43975 | ||
CVE-2021-43976 | ||
CVE-2021-44733 | ||
CVE-2021-45079 | ||
CVE-2021-45095 | ||
CVE-2021-45417 | ||
CVE-2021-45485 | ||
CVE-2021-45486 | ||
CVE-2021-45960 | ||
CVE-2021-46143 | ||
CVE-2022-0185 | ||
CVE-2022-0322 | ||
CVE-2022-0330 | ||
CVE-2022-0435 | ||
CVE-2022-22822 | ||
CVE-2022-22823 | ||
CVE-2022-22824 | ||
CVE-2022-22825 | ||
CVE-2022-22826 | ||
CVE-2022-22827 | ||
CVE-2022-22942 | ||
CVE-2022-23302 | ||
CVE-2022-23305 | ||
CVE-2022-23307 | ||
CVE-2022-23437 | ||
CVE-2022-23852 | ||
CVE-2022-23990 | ||
iDRAC9 | CVE-2021-3712 | Dell KB article: DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities |
CVE-2021-36347 | ||
CVE-2021-36348 | ||
iDRAC9 | CVE-2022-24422 | See Dell KB article: DSA-2022-068 for more information |
Spring | CVE-2022-22965 | Note: VxRail is not impacted by CVE-2022-22963. |
PowerEdge EDK2 | CVE-2019-14584 | Dell KB article: DSA-2022-088 |
CVE-2021-28210 | ||
CVE-2021-28211 | ||
Intel Solid State Drive (SSD) | CVE-2021-0148 | Dell KB article: DSA-2022-027. See Intel workaround below. |
PowerEdge Server | CVE-2021-26312 | See Dell KB article: DSA-2022-126 for more details |
CVE-2021-26339 | ||
CVE-2021-26342 | ||
CVE-2021-26347 | ||
CVE-2021-26348 | ||
CVE-2021-26349 | ||
CVE-2021-26350 | ||
CVE-2021-26364 | ||
CVE-2021-26372 | ||
CVE-2021-26373 | ||
CVE-2021-26375 | ||
CVE-2021-26376 | ||
CVE-2021-26378 | ||
CVE-2021-26388 | ||
Product | Affected Versions | Updated Version |
Dell VxRail Appliance | 7.0.x versions before 7.0.370 | 7.0.370 (See NOTE in Workarounds and Mitigations section below.) |
NOTE: STIG hardening version 2.0.001 resolves the VMware issue described in VMware article 88055, which blocked STIG hardening of VxRail 7.0.370 and later. Additionally, if STIG hardening version 2.0.000 or earlier was applied to a VxRail cluster version 7.0.360 or earlier, STIG hardening version 2.0.001 must be applied before upgrading to VxRail 7.0.370 and later.
Caution: If running a STIG hardened VxRail version 7.0.370 or later, follow the steps seen in “Known issues” in the VxRail STIG Hardening Guide. However, if you have already removed the VMware ESXi STIG VIB, you can disregard this caution.
Product | Affected Versions | CVE Identifier | Updated Versions | Workarounds |
Dell VxRail | 7.0.x versions before 7.0.370 | CVE-2021-0148 | 7.0.370 | INTEL-SA-00535 |
Revision | Date | Description |
1.0 | 2022-04-12 | Initial Release |
1.1 | 2022-04-28 | Added PowerEdge EDK2 CVE and Intel workaround |
1.2 | 2022-05-23 | Added CVE-2022-24422, PowerEdge Server CVEs, and removed PowerEdge BIOS CVEs |
1.3 | 2022-07-27 | Added NOTE regarding VMware issue |
1.4 | 2022-08-16 | Edited NOTE in Workaround & Mitigations section regarding STIG package |
18 Aug 2022
Dell Security Advisory