DSA-2026-091: Security Update for Dell Disk Library for mainframe Vulnerabilities
Riepilogo: Dell Disk Library for mainframe remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Impatto
Critical
Dettagli
| Third-party Component | CVEs | More Information |
| PowerEdge Platform BIOS | CVE-2025-24305, CVE-2025-21090, CVE-2025-20109, CVE-2024-36293, CVE-2024-28047, CVE-2025-20068, CVE-2025-20105, CVE-2025-20028, CVE-2025-20027, CVE-2025-20073, CVE-2024-21859, CVE-2024-31155, CVE-2024-38796, CVE-2024-45332, CVE-2025-20054, CVE-2024-39279, CVE-2024-31157, CVE-2025-20064 | DSA-2025-297 , DSA-2025-156 , DSA-2025-041 , DSA-2025-297 , DSA-2025-042 , DSA-2025-038 , DSA-2025-156 |
| SUSE Linux Enterprise Server 15 SP4 | CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796 | https://suse.com  |
| Angular | CVE-2021-4231 | https://nvd.nist.gov/vuln/search |
| Babel | CVE-2023-45133 | https://nvd.nist.gov/vuln/search |
| Moment.js | CVE-2022-24785, CVE-2022-31129 | https://nvd.nist.gov/vuln/search |
| ansi-html | CVE-2021-23424 | https://nvd.nist.gov/vuln/search |
| jQuery | CVE-2020-11022, CVE-2020-11023 | https://nvd.nist.gov/vuln/search |
| bn.js | CVE-2026-2739 | https://nvd.nist.gov/vuln/search |
| body-parser | CVE-2024-45590 | https://nvd.nist.gov/vuln/search |
| brace-expansion | CVE-2025-5889 | https://nvd.nist.gov/vuln/search |
| browserify-sign | CVE-2023-46234 | https://nvd.nist.gov/vuln/search |
| chart.js | CVE-2020-7746 | https://nvd.nist.gov/vuln/search |
| cipher-base | CVE-2025-9287 | https://nvd.nist.gov/vuln/search |
| cookie | CVE-2024-47764 | https://nvd.nist.gov/vuln/search |
| cross-spawn | CVE-2024-21538 | https://nvd.nist.gov/vuln/search |
| debug | CVE-2017-16137 | https://nvd.nist.gov/vuln/search |
| decode-uri-component | CVE-2022-38900 | https://nvd.nist.gov/vuln/search |
| Elliptic | CVE-2024-48949, CVE-2024-42461, CVE-2025-14505, CVE-2024-42460, CVE-2024-42459, CVE-2024-48948, CVE-2021-44906 | https://nvd.nist.gov/vuln/search |
| flatted | CVE-2026-32141, CVE-2026-33228 | https://nvd.nist.gov/vuln/search |
| follow-redirects | CVE-2024-28849, CVE-2023-26159 | https://nvd.nist.gov/vuln/search |
| form-data | CVE-2025-7783 | https://nvd.nist.gov/vuln/search |
| http-cache-semantics | CVE-2022-25881 | https://nvd.nist.gov/vuln/search |
| ip | CVE-2023-42282 | https://nvd.nist.gov/vuln/search |
| js-yaml | CVE-2025-64718 | https://nvd.nist.gov/vuln/search |
| JSON5 | CVE-2022-46175 | https://nvd.nist.gov/vuln/search |
| lodash | CVE-2025-13465 | https://nvd.nist.gov/vuln/search |
| Minimist | CVE-2020-7598 | https://nvd.nist.gov/vuln/search |
| node-tar | CVE-2024-28863 | https://nvd.nist.gov/vuln/search |
| nth-check | CVE-2021-3803 | https://nvd.nist.gov/vuln/search |
| on-headers | CVE-2025-7339 | https://nvd.nist.gov/vuln/search |
| parse-uri | CVE-2024-36751 | https://nvd.nist.gov/vuln/search |
| path-to-regexp | CVE-2024-45296, CVE-2024-52798 | https://nvd.nist.gov/vuln/search |
| pbkdf2 | CVE-2025-6547, CVE-2025-6545 | https://nvd.nist.gov/vuln/search |
| postcss | CVE-2021-23382, CVE-2021-23368 | https://nvd.nist.gov/vuln/search |
| rollup | CVE-2026-27606 | https://nvd.nist.gov/vuln/search |
| send | CVE-2024-43799 | https://nvd.nist.gov/vuln/search |
| sha.js | CVE-2025-9288 | https://nvd.nist.gov/vuln/search |
| socket.io-parser | CVE-2026-33151, CVE-2023-32695, CVE-2022-2421, CVE-2020-36049 | https://nvd.nist.gov/vuln/search |
| terser | CVE-2022-25858 | https://nvd.nist.gov/vuln/search |
| tough-cookie | CVE-2023-26136 | https://nvd.nist.gov/vuln/search |
| validator | CVE-2025-56200, CVE-2021-3765, CVE-2025-12758 | https://nvd.nist.gov/vuln/search |
| webpack-subresource-integrity | CVE-2020-15262 | https://nvd.nist.gov/vuln/search |
| ws | CVE-2024-37890 | https://nvd.nist.gov/vuln/search |
| xml2js | CVE-2023-0842 | https://nvd.nist.gov/vuln/search |
| xmlhttprequest | CVE-2020-28502 | https://nvd.nist.gov/vuln/search |
| xmlhttprequest-ssl | CVE-2021-31597 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-23773 | Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-23773 | Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Prodotti interessati e correzione
| Product | Affected Versions | Remediated Versions | Link |
| Disk Library for mainframe DLm8700 | Versions prior to 7.0.1.0 | Version 7.0.1.0 or later | https://www.dell.com/support/product-details/product/disk-library-for-mainframe-dlm8700/drivers |
| Disk Library for mainframe DLm2700 | Versions prior to 7.0.1.0 | Version 7.0.1.0 or later | https://www.dell.com/support/product-details/product/disk-library-for-mainframe-dlm2700/drivers |
| Product | Affected Versions | Remediated Versions | Link |
| Disk Library for mainframe DLm8700 | Versions prior to 7.0.1.0 | Version 7.0.1.0 or later | https://www.dell.com/support/product-details/product/disk-library-for-mainframe-dlm8700/drivers |
| Disk Library for mainframe DLm2700 | Versions prior to 7.0.1.0 | Version 7.0.1.0 or later | https://www.dell.com/support/product-details/product/disk-library-for-mainframe-dlm2700/drivers |
Cronologia delle revisioni
| Revision | Date | Description |
| 1.0 | 2026-04-28 | Initial Release |
| 2.0 | 2026-04-28 | Updated CVE description for CVE-2026-23773 |
| 3.0 | 2026-04-29 | Added CVE-2024-39279, CVE-2024-31157, CVE-2025-20064 to the advisory |
Informazioni correlate
Dichiarazione di non responsabilità
Prodotti interessati
Disk Library, Disk Library for mainframe, Disk Library for mainframe DLm2700, Disk Library for mainframe DLm8700Proprietà dell'articolo
Numero articolo: 000458131
Tipo di articolo: Dell Security Advisory
Ultima modifica: 29 apr 2026
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.