DSA-2021-293: Dell PowerFlex Appliance Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)
概要: Dell PowerFlex Appliance remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
Critical
詳細
| Third-party Component | CVEs | More information |
| Apache Log4j |
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 |
Apache Log4j Remote Code Execution |
| Third-party Component | CVEs | More information |
| Apache Log4j |
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 |
Apache Log4j Remote Code Execution |
影響を受ける製品と修復
Affected Products and Remediation
Affected Components in the Product
| CVEs | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-4228 CVE-2021-45046 CVE-2021-45105 |
PowerFlex Appliance |
Versions before Intelligent Catalog 38_356_00_r10 |
Intelligent_Catalog_38_356_01_r1 | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| Versions before Intelligent Catalog 38_362_00_r7 | Intelligent_Catalog_38_362_01_r1 |
Affected Components in the Product
| Component | Affected Versions | Updated Versions | Link to update |
| Dell PowerFlex Presentation Server | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2 | Versions 3.6.0.3 and 3.5.1.5 | PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272 |
| Dell PowerFlex Manager | 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0 | Version 3.8.0 (Build Number 3.8.0-8187) | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| VMware vCenter Server Appliance | 6.5, 6.7, and 7.0 | VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570 |
For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
Affected Products and Remediation
Affected Components in the Product
| CVEs | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-4228 CVE-2021-45046 CVE-2021-45105 |
PowerFlex Appliance |
Versions before Intelligent Catalog 38_356_00_r10 |
Intelligent_Catalog_38_356_01_r1 | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| Versions before Intelligent Catalog 38_362_00_r7 | Intelligent_Catalog_38_362_01_r1 |
Affected Components in the Product
| Component | Affected Versions | Updated Versions | Link to update |
| Dell PowerFlex Presentation Server | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2 | Versions 3.6.0.3 and 3.5.1.5 | PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272 |
| Dell PowerFlex Manager | 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0 | Version 3.8.0 (Build Number 3.8.0-8187) | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| VMware vCenter Server Appliance | 6.5, 6.7, and 7.0 | VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570 |
For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
変更履歴
| Revision | Date | Description |
| 1.0 | 2021-12-16 | Initial Release |
| 1.1 | 2021-12-17 | Added VMware vCenter Server Appliance workaround KB article link. |
| 1.2 | 2021-12-22 | Added CVE-2021-45105 and remediation guidance |
| 1.3 | 2022-01-10 | Added new ZIP with Log4j 2.17.1 remediation |
| 2.0 | 2022-02-09 | Minor update - Workarounds and Mitigations - PowerFlex Manager section |
| 3.0 | 2022-02-25 | Updated Affected Products and Remediation section, added links to update |
| 4.0 | 2022-06-01 | updated VMware vCenter remediation |
関連情報
法的免責事項
対象製品
PowerFlex Appliance, PowerFlex appliance R650, PowerFlex appliance R6525, Powerflex appliance R750, Product Security Information, PowerFlex Software, PowerFlex appliance R640, PowerFlex appliance R740XD, PowerFlex appliance R840文書のプロパティ
文書番号: 000194579
文書の種類: Dell Security Advisory
最終更新: 01 6月 2022
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。