DSA-2021-292: Dell PowerFlex Rack Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

Tartalomjegyzék

Részletes cikk

Impact

Details

Érintett termékek és helyreállítás

Revision History

Kapcsolódó tudnivalók

Jogi nyilatkozat

Érintett termékek

Visszajelzés

Summary: Dell PowerFlex Rack remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...

Ez a cikk a következő(k)re vonatkozik: Ez a cikk nem vonatkozik a következő(k)re: Ez a cikk nem kapcsolódik egyetlen konkrét termékhez sem. Ez a cikk nem azonosítja az összes termékverziót.

További források megtekintése

Impact

Critical

Details

Third-party Component	CVEs	More information
Apache Log4j	CVE-2021-44228	Apache Log4j Remote Code Execution
	CVE-2021-45046
	CVE-2021-45105

Third-party Component	CVEs	More information
Apache Log4j	CVE-2021-44228	Apache Log4j Remote Code Execution
	CVE-2021-45046
	CVE-2021-45105

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Érintett termékek és helyreállítás

Affected Products and Remediation:

CVEs	Product	Affected Versions	Updated Versions	Link to update
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.5 train: Versions before 3.5.6.0 RCM 3.6 train: Versions before 3.6.2.0	RCM 3.5 train: Version 3.5.6.1 RCM 3.6 train: Versions 3.6.2.1	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.3 train: Versions before 3.3.11.0 RCM 3.4 train: Versions before 3.4.6.0	RCM 3.3 train: Versions 3.3.11.3 RCM 3.4 train: Versions 3.4.6.3

Affected Components in the Product:

Component	Affected Versions	Updated Versions	Link to update
Dell PowerFlex Presentation Server	3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2	Versions 3.6.0.3 and 3.5.1.5	PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272
Dell PowerFlex Manager	3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0	Version 3.8.0 (Build Number 3.8.0-8187)	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
VMware vCenter Server Appliance	6.5, 6.7, and 7.0	VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

Affected Products and Remediation:

CVEs	Product	Affected Versions	Updated Versions	Link to update
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.5 train: Versions before 3.5.6.0 RCM 3.6 train: Versions before 3.6.2.0	RCM 3.5 train: Version 3.5.6.1 RCM 3.6 train: Versions 3.6.2.1	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.3 train: Versions before 3.3.11.0 RCM 3.4 train: Versions before 3.4.6.0	RCM 3.3 train: Versions 3.3.11.3 RCM 3.4 train: Versions 3.4.6.3

Affected Components in the Product:

Component	Affected Versions	Updated Versions	Link to update
Dell PowerFlex Presentation Server	3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2	Versions 3.6.0.3 and 3.5.1.5	PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272
Dell PowerFlex Manager	3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0	Version 3.8.0 (Build Number 3.8.0-8187)	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
VMware vCenter Server Appliance	6.5, 6.7, and 7.0	VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

Revision History

Revision	Date	Description
1.0	2021-12-14	Initial Release
1.1	2021-12-17	Added VMware vCenter Server Appliance workaround KB article link.
1.2	2021-12-22	Added CVE-2021-45105 and remediation guidance
1.3	2022-01-06	Added new ZIP with Log4j 2.17.1 remediation
2.0	2022-02-09	Minor update - Workarounds and Mitigations - PowerFlex Manager section
3.0	2022-02-25	Updated Affected Products and Remediation section, added links to update
4.0	2022-06-01	Update the VMware vCenter Server Appliance links to update

Related Information

Jogi nyilatkozat

Érintett termékek

PowerFlex rack

Termékek

Product Security Information, VMware vCenter Server

Article Number: 000194578

Article Type: Dell Security Advisory

Utoljára módosítva: 01 jún. 2022

Ellenőrizze, hogy a készüléke rendelkezik-e támogatási szolgáltatással.

DSA-2021-292: Dell PowerFlex Rack Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

Impact

Details

Érintett termékek és helyreállítás

Revision History

Related Information

Jogi nyilatkozat

Érintett termékek

Termékek

Termék tulajdonságai

Választ kaphat kérdéseire más Dell-felhasználóktól

Támogatási szolgáltatások

Termék tulajdonságai

Választ kaphat kérdéseire más Dell-felhasználóktól

Támogatási szolgáltatások