DSA-2021-292: Dell PowerFlex Rack Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)
Resumen: Dell PowerFlex Rack remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
Critical
Detalles
| Third-party Component | CVEs | More information |
| Apache Log4j |
CVE-2021-44228 | Apache Log4j Remote Code Execution |
| CVE-2021-45046 | ||
| CVE-2021-45105 |
| Third-party Component | CVEs | More information |
| Apache Log4j |
CVE-2021-44228 | Apache Log4j Remote Code Execution |
| CVE-2021-45046 | ||
| CVE-2021-45105 |
Corrección y productos afectados
Affected Products and Remediation:
Affected Components in the Product:
| CVEs | Product | Affected Versions | Updated Versions | Link to update |
| CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 |
PowerFlex Rack |
RCM 3.5 train: Versions before 3.5.6.0 RCM 3.6 train: Versions before 3.6.2.0 |
RCM 3.5 train: Version 3.5.6.1 RCM 3.6 train: Versions 3.6.2.1 |
For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417 |
| RCM 3.3 train: Versions before 3.3.11.0 RCM 3.4 train: Versions before 3.4.6.0 |
RCM 3.3 train: Versions 3.3.11.3 RCM 3.4 train: Versions 3.4.6.3 |
| Component | Affected Versions | Updated Versions | Link to update |
| Dell PowerFlex Presentation Server | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2 | Versions 3.6.0.3 and 3.5.1.5 | PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272 |
| Dell PowerFlex Manager | 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0 | Version 3.8.0 (Build Number 3.8.0-8187) | For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417 |
| VMware vCenter Server Appliance | 6.5, 6.7, and 7.0 | VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570 |
For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417 |
Affected Products and Remediation:
Affected Components in the Product:
| CVEs | Product | Affected Versions | Updated Versions | Link to update |
| CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 |
PowerFlex Rack |
RCM 3.5 train: Versions before 3.5.6.0 RCM 3.6 train: Versions before 3.6.2.0 |
RCM 3.5 train: Version 3.5.6.1 RCM 3.6 train: Versions 3.6.2.1 |
For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417 |
| RCM 3.3 train: Versions before 3.3.11.0 RCM 3.4 train: Versions before 3.4.6.0 |
RCM 3.3 train: Versions 3.3.11.3 RCM 3.4 train: Versions 3.4.6.3 |
| Component | Affected Versions | Updated Versions | Link to update |
| Dell PowerFlex Presentation Server | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2 | Versions 3.6.0.3 and 3.5.1.5 | PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272 |
| Dell PowerFlex Manager | 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0 | Version 3.8.0 (Build Number 3.8.0-8187) | For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417 |
| VMware vCenter Server Appliance | 6.5, 6.7, and 7.0 | VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570 |
For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417 |
Historial de revisiones
| Revision | Date | Description |
| 1.0 | 2021-12-14 | Initial Release |
| 1.1 | 2021-12-17 | Added VMware vCenter Server Appliance workaround KB article link. |
| 1.2 | 2021-12-22 | Added CVE-2021-45105 and remediation guidance |
| 1.3 | 2022-01-06 | Added new ZIP with Log4j 2.17.1 remediation |
| 2.0 | 2022-02-09 | Minor update - Workarounds and Mitigations - PowerFlex Manager section |
| 3.0 | 2022-02-25 | Updated Affected Products and Remediation section, added links to update |
| 4.0 | 2022-06-01 | Update the VMware vCenter Server Appliance links to update |
Información relacionada
Descargo de responsabilidad
Productos afectados
PowerFlex rackProductos
Product Security Information, VMware vCenter ServerPropiedades del artículo
Número del artículo: 000194578
Tipo de artículo: Dell Security Advisory
Última modificación: 01 jun 2022
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.