DSA-2023-159: Dell PowerScale OneFS Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Third-Party Component | CVEs | CVSS Vector String |
|---|---|---|
| Apache Runtime Portable | CVE-2022-24963, CVE-2022-28331 | See NVD for more details. |
| SQLite | CVE-2021-20227, CVE-2021-36690, CVE-2022-46908, CVE-2022-35737 | See NVD for more details. |
| libexpat | CVE-2022-43680 | See NVD for more details. |
| Apache HTTP Server | CVE-2022-37436, CVE-2006-20001, CVE-2022-36760 | See NVD for more details. |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2022-24963, CVE-2022-28331 | PowerScale OneFS | 9.4.0.0 through 9.4.0.13 | Download and install the latest RUP >= 9.4.0.14 | PowerScale OneFS Downloads Area |
| CVE-2022-24963, CVE-2022-28331 | PowerScale OneFS | 9.5.0.0 through 9.5.0.3 | Upgrade your version of PowerScale OneFS to >= 9.5.0.5 | |
| CVE-2022-24963, CVE-2022-28331 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS in 9.4 series to >= 9.4.0.14 | |
| CVE-2021-3618 | PowerScale OneFS | 9.1.0 through 9.1.0.28 | Download and install the latest RUP >= 9.1.0.29 | |
| CVE-2021-3618 | PowerScale OneFS | 9.2.1 through 9.2.1.22 | Download and install the latest RUP >= 9.2.1.23 | |
| CVE-2021-3618 | PowerScale OneFS | 9.4.0.0 through 9.4.0.13 | Download and install the latest RUP >= 9.4.0.14 | |
| CVE-2021-3618 | PowerScale OneFS | 9.5.0.0 through 9.5.0.3 | Download and install the latest RUP >= 9.5.0.5 | |
| CVE-2021-3618 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS to >= 9.5.0.5 | |
| CVE-2021-20227, CVE-2021-36690, CVE-2022-46908, CVE-2022-35737 | PowerScale OneFS | 9.4.0.0 through 9.4.0.13 | Download and install the latest RUP >= 9.4.0.14 | |
| CVE-2021-20227, CVE-2021-36690, CVE-2022-46908, CVE-2022-35737 | PowerScale OneFS | 9.5.0.0 through 9.5.0.3 | Upgrade your version of PowerScale OneFS to >= 9.5.0.5 | |
| CVE-2021-20227, CVE-2021-36690, CVE-2022-46908, CVE-2022-35737 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS in 9.4 series to >= 9.4.0.14 | |
| CVE-2022-43680 | PowerScale OneFS | 9.4.0.0 through 9.4.0.13 | Download and install the latest RUP >= 9.4.0.14 | |
| CVE-2022-43680 | PowerScale OneFS | 9.5.0.0 through 9.5.0.3 | Upgrade your version of PowerScale OneFS to >= 9.5.0.5 | |
| CVE-2022-43680 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS in 9.4 series to >= 9.4.0.14 | |
| CVE-2022-37436, CVE-2006-20001, CVE-2022-36760 | PowerScale OneFS | 9.2.1.0 through 9.2.1.22 | Download and install the latest RUP >= 9.2.1.23 | |
| CVE-2022-37436, CVE-2006-20001, CVE-2022-36760 | PowerScale OneFS | 9.4.0.0 through 9.4.0.13 | Download and install the latest RUP >= 9.4.0.14 | |
| CVE-2022-37436, CVE-2006-20001, CVE-2022-36760 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS in 9.4 series to >= 9.4.0.14 | |
Workarounds and Mitigations
| CVE | Workarounds |
|---|---|
| CVE-2021-3618 | Use the following command to disable the vsftpd service on the cluster to mitigate the issue: `isi ftp settings modify --service=no` |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-06-01 | Initial Release |
| 2.0 | 2023-08-14 | Updated the DSA as 9.5.0.5 is released and added CVE-2021-3618, which is fixed. |
Article Properties
Article Number: 000214232
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025