メイン コンテンツに進む
  • すばやく簡単に注文します
  • 注文を表示して配送状況を追跡します
  • 製品リストの作成とアクセス
  • 「Company Administration(会社情報の管理)」では、お使いのDell EMCのサイトや製品、製品レベルでのコンタクト先に関する情報を管理できます。

文書番号: 000186417


DSA-2021-090: Dell VxRail Appliance Security Update for Multiple Vulnerabilities

概要: Dell VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

文書の内容


影響

Critical

詳細
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021-21508 Dell VxRail, versions prior to 4.7.530 contain a Plain-text Password Storage Vulnerability. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Third-Party Component CVEs More information
VMware ESXi CVE-2021-21994 VMSA-2021-0014
CVE-2021-21995

VxRail Manager: SUSE Grub2 and others

CVE-2020-14372 SUSE grub2 UEFI secure boot bypass issues

SUSE updates


 
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233
CVE-2019-18348
CVE-2021-23336
CVE-2019-20916
CVE-2021-3177
CVE-2021-27219
CVE-2021-27218
CVE-2021-3348
CVE-2020-25211
CVE-2020-25639
CVE-2020-27835
CVE-2020-29568
CVE-2020-29569
CVE-2021-0342
CVE-2021-20177
CVE-2021-3347
CVE-2020-36221
CVE-2020-36222
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36226
CVE-2020-36227
CVE-2020-36228
CVE-2020-36229
CVE-2020-36230
CVE-2021-27212
CVE-2021-20193
CVE-2021-23840
CVE-2021-23841
CVE-2020-8625
CVE-2021-20229
CVE-2021-3393
CVE-2019-25013
CVE-2021-3326
CVE-2020-14803
CVE-2020-14792
CVE-2020-14781
CVE-2020-14782
CVE-2020-14797
CVE-2020-14779
CVE-2020-14796
CVE-2020-14798

VxRail Manager: OpenSSL

CVE-2020-1971 OpenSSL
VxRail Node:  Dell iDRAC8 Updates 
  • VxRail E460
  • VxRail E460F
  • VxRail P470
  • VxRail P470F
  • VxRail V470
  • VxRail V470F
  • VxRail S470
CVE-2021-21510 DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection
VxRail Node: Dell iDRAC9 Updates
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2021-21539 DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities
CVE-2021-21540
CVE-2021-21541
CVE-2021-21542
CVE-2021-21543
CVE-2021-21544
VxRail Node:  Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2020-26198

DSA-2020-268: Dell EMC iDRAC9 Reflected XSS Vulnerability

VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2021-21538 DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability

 


Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021-21508 Dell VxRail, versions prior to 4.7.530 contain a Plain-text Password Storage Vulnerability. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Third-Party Component CVEs More information
VMware ESXi CVE-2021-21994 VMSA-2021-0014
CVE-2021-21995

VxRail Manager: SUSE Grub2 and others

CVE-2020-14372 SUSE grub2 UEFI secure boot bypass issues

SUSE updates


 
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233
CVE-2019-18348
CVE-2021-23336
CVE-2019-20916
CVE-2021-3177
CVE-2021-27219
CVE-2021-27218
CVE-2021-3348
CVE-2020-25211
CVE-2020-25639
CVE-2020-27835
CVE-2020-29568
CVE-2020-29569
CVE-2021-0342
CVE-2021-20177
CVE-2021-3347
CVE-2020-36221
CVE-2020-36222
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36226
CVE-2020-36227
CVE-2020-36228
CVE-2020-36229
CVE-2020-36230
CVE-2021-27212
CVE-2021-20193
CVE-2021-23840
CVE-2021-23841
CVE-2020-8625
CVE-2021-20229
CVE-2021-3393
CVE-2019-25013
CVE-2021-3326
CVE-2020-14803
CVE-2020-14792
CVE-2020-14781
CVE-2020-14782
CVE-2020-14797
CVE-2020-14779
CVE-2020-14796
CVE-2020-14798

VxRail Manager: OpenSSL

CVE-2020-1971 OpenSSL
VxRail Node:  Dell iDRAC8 Updates 
  • VxRail E460
  • VxRail E460F
  • VxRail P470
  • VxRail P470F
  • VxRail V470
  • VxRail V470F
  • VxRail S470
CVE-2021-21510 DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection
VxRail Node: Dell iDRAC9 Updates
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2021-21539 DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities
CVE-2021-21540
CVE-2021-21541
CVE-2021-21542
CVE-2021-21543
CVE-2021-21544
VxRail Node:  Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2020-26198

DSA-2020-268: Dell EMC iDRAC9 Reflected XSS Vulnerability

VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2021-21538 DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability

 


デル・テクノロジーズでは、すべてのお客様に対して、CVSSベース スコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。
影響を受ける製品と修復
CVEs Addressed Product Affected Versions Updated Version
 See table above  Dell VxRail Appliance  4.7.x versions before 4.7.530  4.7.530
CVEs Addressed Product Affected Versions Updated Version
 See table above  Dell VxRail Appliance  4.7.x versions before 4.7.530  4.7.530
変更履歴

1.02021-05-05Initial Release
1.12021-05-11Updated with DSA-2021-082 after embargo date.
1.22021-06-04Added CVE updates for SUSE packages.
1.32021-08-03Updated with VMSA-2021-0014 after embargo date

関連情報

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


文書のプロパティ


影響を受ける製品

VxRail, Product Security Information

最後に公開された日付

04 8 2021

バージョン

6

文書の種類

Dell Security Advisory