DSA-2021-292: Dell PowerFlex Rack Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)
Summary: Dell PowerFlex Rack remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...
Impact
Critical
Details
| Third-party Component | CVEs | More information |
| Apache Log4j | CVE-2021-44228 | Apache Log4j Remote Code Execution |
| | CVE-2021-45046 | |
| | CVE-2021-45105 | |
Affected Products and Remediation:
| CVEs | Product | Affected Versions | Updated Versions | Link to update |
| CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 | PowerFlex Rack | RCM 3.5 train: Versions before 3.5.6.0; RCM 3.6 train: Versions before 3.6.2.0 | RCM 3.5 train: Version 3.5.6.1; RCM 3.6 train: Versions 3.6.2.1 | For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417 |
| | | RCM 3.3 train: Versions before 3.3.11.0; RCM 3.4 train: Versions before 3.4.6.0 | RCM 3.3 train: Versions 3.3.11.3; RCM 3.4 train: Versions 3.4.6.3 | |
Affected Components in the Product:
| Component | Affected Versions | Updated Versions | Link to update |
| Dell PowerFlex Presentation Server | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4, 3.6, 3.6.0.1, and 3.6.0.2 | Versions 3.6.0.3 and 3.5.1.5 | PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272 |
| Dell PowerFlex Manager | 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0 | Version 3.8.0 (Build Number 3.8.0-8187) | For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417 |
| VMware vCenter Server Appliance | 6.5, 6.7, and 7.0 | VMware-VCSA-all-6.5.0-19261680 (6.5 U3s); VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125); VMware-VCSA-all-7.0 Update 3c Build 19234570 | For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417 |
Revision History
| Revision | Date | Description |
| 1.0 | 2021-12-14 | Initial Release |
| 1.1 | 2021-12-17 | Added VMware vCenter Server Appliance workaround KB article link. |
| 1.2 | 2021-12-22 | Added CVE-2021-45105 and remediation guidance |
| 1.3 | 2022-01-06 | Added new ZIP with Log4j 2.17.1 remediation |
| 2.0 | 2022-02-09 | Minor update - Workarounds and Mitigations - PowerFlex Manager section |
| 3.0 | 2022-02-25 | Updated Affected Products and Remediation section, added links to update |
| 4.0 | 2022-06-01 | Update the VMware vCenter Server Appliance links to update |
Affected Products
PowerFlex rack
Products
Product Security Information, VMware vCenter Server
Article Properties
Article Number: 000194578
Article Type: Dell Security Advisory
Last Modified: 01 Jun 2022