DSA-2021-111: Dell VxRail Appliance Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
Dell VxRail Appliance Security Update for Third-party components:
| Third-Party Component | CVE(s) | More information |
| VMware vCenter Server | CVE-2021-21985 | Severity: Critical, see VMSA-2021-0010 |
| VMware vCenter Server | CVE-2021-21986 | Severity: Medium, see VMSA-2021-0010 |
Third-Party components in VxRail Manager:
| Third-Party Component | CVE(s) | More information |
| bind-utils | CVE-2021-25214 |
Severity: Medium, see SUSE-SU-2021:1468-1 |
| CVE-2021-25215 | ||
| curl | CVE-2021-22876 | Severity: Medium, see SUSE-SU-2021:1396-1 |
| CVE-2021-22898 | ||
| glib2-tools | CVE-2021-27219 | Severity: High, see SUSE-SU-2021:801-1 |
| CVE-2021-27218 | ||
| glibc | CVE-2020-27618 | Severity: High, see SUSE-SU-2021:1165-1 |
| CVE-2020-29562 | ||
| CVE-2020-29573 | ||
| kernel | CVE-2020-36312 | Severity: High, see: SUSE-SU-2021:1210-1 SUSE-SU-2021:1595-1 |
| CVE-2021-29650 | ||
| CVE-2021-29155 | ||
| CVE-2020-36310 | ||
| CVE-2021-28950 | ||
| CVE-2020-36322 | ||
| CVE-2021-3444 | ||
| CVE-2021-3483 | ||
| CVE-2021-3444 | ||
| CVE-2021-3428 | ||
| CVE-2021-30002 | ||
| CVE-2021-29647 | ||
| CVE-2021-29265 | ||
| CVE-2021-29264 | ||
| CVE-2021-29154 | ||
| CVE-2021-28972 | ||
| CVE-2021-28971 | ||
| CVE-2021-28964 | ||
| CVE-2021-28688 | ||
| CVE-2021-28660 | ||
| CVE-2021-28038 | ||
| CVE-2021-27365 | ||
| CVE-2021-27364 | ||
| CVE-2021-27363 | ||
| CVE-2021-26932 | ||
| CVE-2021-26931 | ||
| CVE-2021-26930 | ||
| CVE-2021-20219 | ||
| CVE-2020-36311 | ||
| CVE-2020-35519 | ||
| CVE-2020-29368 | ||
| CVE-2020-27815 | ||
| CVE-2020-27171 | ||
| CVE-2020-27170 | ||
| CVE-2020-25673 | ||
| CVE-2020-25672 | ||
| CVE-2020-25671 | ||
| CVE-2020-25670 | ||
| CVE-2020-0433 | ||
| CVE-2020-29374 | ||
| json-smart | CVE-2021-27568 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2021-27568 |
| libnettle | CVE-2021-20305 | Severity: High, see SUSE-SU-2021:1399-1 |
| libxml2 | CVE-2021-3516 | Severity: High, see: SUSE-SU-2021:1658-1 SUSE-SU-2021:1524-1 |
| CVE-2021-3517 | ||
| CVE-2021-3518 | ||
| CVE-2021-3537 | ||
| nghttp2 | CVE-2018-1000168 | Severity: High, see SUSE-SU-2021:932-1 |
| CVE-2019-9511 | ||
| CVE-2019-9513 | ||
| CVE-2016-1544 | ||
| CVE-2020-11080 | ||
| pyca/cryptography | CVE-2020-36242 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-36242 |
| python | CVE-2019-18348 | Severity: Medium, see SUSE-SU-2021:794-1 |
| CVE-2021-23336 | ||
| pyYAML | CVE-2020-14343 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-14343 |
| sudo | CVE-2021-3156 | Severity: High, see SUSE-SU-2021:1274-1 |
| tar | CVE-2021-20193 | Severity: Low, see SUSE-SU-2021:0975-1 |
| tomcat | CVE-2021-25329 | Severity: High, see SUSE-SU-2021:0948-1 |
| CVE-2021-25122 | ||
| xorg-x11-server | CVE-2021-3472 | Severity: High, see SUSE-SU-2021:1181-1 |
Dell VxRail Appliance Security Update for Third-party components:
| Third-Party Component | CVE(s) | More information |
| VMware vCenter Server | CVE-2021-21985 | Severity: Critical, see VMSA-2021-0010 |
| VMware vCenter Server | CVE-2021-21986 | Severity: Medium, see VMSA-2021-0010 |
Third-Party components in VxRail Manager:
| Third-Party Component | CVE(s) | More information |
| bind-utils | CVE-2021-25214 |
Severity: Medium, see SUSE-SU-2021:1468-1 |
| CVE-2021-25215 | ||
| curl | CVE-2021-22876 | Severity: Medium, see SUSE-SU-2021:1396-1 |
| CVE-2021-22898 | ||
| glib2-tools | CVE-2021-27219 | Severity: High, see SUSE-SU-2021:801-1 |
| CVE-2021-27218 | ||
| glibc | CVE-2020-27618 | Severity: High, see SUSE-SU-2021:1165-1 |
| CVE-2020-29562 | ||
| CVE-2020-29573 | ||
| kernel | CVE-2020-36312 | Severity: High, see: SUSE-SU-2021:1210-1 SUSE-SU-2021:1595-1 |
| CVE-2021-29650 | ||
| CVE-2021-29155 | ||
| CVE-2020-36310 | ||
| CVE-2021-28950 | ||
| CVE-2020-36322 | ||
| CVE-2021-3444 | ||
| CVE-2021-3483 | ||
| CVE-2021-3444 | ||
| CVE-2021-3428 | ||
| CVE-2021-30002 | ||
| CVE-2021-29647 | ||
| CVE-2021-29265 | ||
| CVE-2021-29264 | ||
| CVE-2021-29154 | ||
| CVE-2021-28972 | ||
| CVE-2021-28971 | ||
| CVE-2021-28964 | ||
| CVE-2021-28688 | ||
| CVE-2021-28660 | ||
| CVE-2021-28038 | ||
| CVE-2021-27365 | ||
| CVE-2021-27364 | ||
| CVE-2021-27363 | ||
| CVE-2021-26932 | ||
| CVE-2021-26931 | ||
| CVE-2021-26930 | ||
| CVE-2021-20219 | ||
| CVE-2020-36311 | ||
| CVE-2020-35519 | ||
| CVE-2020-29368 | ||
| CVE-2020-27815 | ||
| CVE-2020-27171 | ||
| CVE-2020-27170 | ||
| CVE-2020-25673 | ||
| CVE-2020-25672 | ||
| CVE-2020-25671 | ||
| CVE-2020-25670 | ||
| CVE-2020-0433 | ||
| CVE-2020-29374 | ||
| json-smart | CVE-2021-27568 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2021-27568 |
| libnettle | CVE-2021-20305 | Severity: High, see SUSE-SU-2021:1399-1 |
| libxml2 | CVE-2021-3516 | Severity: High, see: SUSE-SU-2021:1658-1 SUSE-SU-2021:1524-1 |
| CVE-2021-3517 | ||
| CVE-2021-3518 | ||
| CVE-2021-3537 | ||
| nghttp2 | CVE-2018-1000168 | Severity: High, see SUSE-SU-2021:932-1 |
| CVE-2019-9511 | ||
| CVE-2019-9513 | ||
| CVE-2016-1544 | ||
| CVE-2020-11080 | ||
| pyca/cryptography | CVE-2020-36242 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-36242 |
| python | CVE-2019-18348 | Severity: Medium, see SUSE-SU-2021:794-1 |
| CVE-2021-23336 | ||
| pyYAML | CVE-2020-14343 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-14343 |
| sudo | CVE-2021-3156 | Severity: High, see SUSE-SU-2021:1274-1 |
| tar | CVE-2021-20193 | Severity: Low, see SUSE-SU-2021:0975-1 |
| tomcat | CVE-2021-25329 | Severity: High, see SUSE-SU-2021:0948-1 |
| CVE-2021-25122 | ||
| xorg-x11-server | CVE-2021-3472 | Severity: High, see SUSE-SU-2021:1181-1 |
Affected Products & Remediation
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) |
| See table above | Dell VxRail Appliance | 4.7.x versions prior to 4.7.531 | 4.7.531 |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) |
| See table above | Dell VxRail Appliance | 4.7.x versions prior to 4.7.531 | 4.7.531 |
Workarounds & Mitigations
See KB article 187489: VxRail: Information on VMSA-2021-0010 and VxRail environments
Revision History
| Revision | Date | Description |
| 1.0 | 2021-06-03 | Initial Release |
Related Information
Legal Disclaimer
Affected Products
VxRail, Product Security InformationArticle Properties
Article Number: 000187919
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.