
Article Number: 000198739


DSA-2022-101: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Third-party Component CVEs More Information
Spring Framework CVE-2022-22963  
CVE-2022-22965
iDRAC9 CVE-2021-3712 See Dell KB article DSA-2021-259 for more information
 
CVE-2021-36347
CVE-2021-36348
CVE-2022-24422 See Dell KB article DSA-2022-068 for more information
VxM SUSE Vulnerabilities CVE-2018-25020  
CVE-2018-25032
CVE-2019-15126
CVE-2020-27820
CVE-2020-28097
CVE-2020-29361
CVE-2021-0920
CVE-2021-0935
CVE-2021-20316
CVE-2021-25220
CVE-2021-28711
CVE-2021-28712
CVE-2021-28713
CVE-2021-28714
CVE-2021-28715
CVE-2021-33098
CVE-2021-3564
CVE-2021-3800
CVE-2021-39648
CVE-2021-39657
CVE-2021-3999
CVE-2021-4002
CVE-2021-4009
CVE-2021-4011
CVE-2021-4083
CVE-2021-4135
CVE-2021-4149
CVE-2021-4156
CVE-2021-4189
CVE-2021-4197
CVE-2021-4202
CVE-2021-43566
CVE-2021-43975
CVE-2021-43976
CVE-2021-44141
CVE-2021-44142
CVE-2021-44733
CVE-2021-4487
CVE-2021-4509
CVE-2021-45417
CVE-2021-45485
CVE-2021-45486
CVE-2021-45960
CVE-2021-46143
CVE-2022-0001
CVE-2022-0002
CVE-2022-0322
CVE-2022-0330
CVE-2022-0336
CVE-2022-0391
CVE-2022-0435
CVE-2022-0487
CVE-2022-0492
CVE-2022-0617
CVE-2022-0644
CVE-2022-0778
CVE-2022-0847
CVE-2022-1097
CVE-2022-21248
CVE-2022-21282
CVE-2022-21283
CVE-2022-21293
CVE-2022-21294
CVE-2022-21296
CVE-2022-21299
CVE-2022-21305
CVE-2022-21340
CVE-2022-21341
CVE-2022-21349
CVE-2022-21360
CVE-2022-21365
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-22825
CVE-2022-22826
CVE-2022-22827
CVE-2022-22942
CVE-2022-23181
CVE-2022-23218
CVE-2022-23219
CVE-2022-23302
CVE-2022-23305
CVE-2022-23307
CVE-2022-23852
CVE-2022-23990
CVE-2022-2444
CVE-2022-2495
CVE-2022-25236
Intel Solid State Drive (SSD) CVE-2021-0148 See Dell KB article DSA-2022-027
See Intel workaround below

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Versions Updated Version
Dell EMC VxRail 4.7.x versions before 4.7.542 4.7.542

Workarounds and Mitigations

Product Affected Versions CVE Identifier Updated Versions Workarounds
Dell VxRail 4.7.x versions before 4.7.542 CVE-2021-0148 4.7.542 INTEL-SA-00535

Revision History

Revision Date Description
1.0 2022-04-21 Initial Release
1.1 2022-04-28 Added Intel workaround
1.2 2022-05-23 Added CVE-2021-4156, CVE-2022-24422

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.

Article Properties


Affected Product

VxRail, CloudArray Virtual Edition for VxRail Appliance, Product Security Information, VMWare Cloud on Dell EMC VxRail E560F, VMWare Cloud on Dell EMC VxRail E560N, VxRail 460 and 470 Nodes, VxRail Appliance Family, VxRail Appliance Series, VxRail G410, VxRail G Series Nodes, VxRail D Series Nodes, VxRail D560, VxRail D560F, VxRail E Series Nodes, VxRail E460, VxRail E560, VxRail E560 VCF, VxRail E560F, VxRail E560F VCF, VxRail E560N, VxRail E560N VCF, VxRail E660, VxRail E660F, VxRail E660N, VxRail E665F, VxRail E665N, VxRail G560, VxRail G560 VCF, VxRail G560F, VxRail G560F VCF, VxRail Gen2 Hardware, VxRail P Series Nodes, VxRail P470, VxRail P570, VxRail P570 VCF, VxRail P570F, VxRail P570F VCF, VxRail P580N, VxRail P580N VCF, VXRAIL P670F, VxRail P675F, VxRail P675N, VxRail S Series Nodes, VxRail S470, VxRail S570, VxRail S570 VCF, VxRail S670, VxRail Software, VxRail V Series Nodes, VxRail V470, VxRail V570, VxRail V570 VCF, VxRail V570F, VxRail V570F VCF, VXRAIL V670F

Last Published Date

23 May 2022

Version

4

Article Type

Dell Security Advisory