DSA-2021-300: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage  Security Updates for Apache Log4j Remote Code Execution Vulnerability

概要: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...

この記事は次に適用されます: この記事は次には適用されません: この記事は、特定の製品に関連付けられていません。 すべての製品パージョンがこの記事に記載されているわけではありません。
他のリソースを確認する

影響

Critical

詳細

Third-party Component 

CVE 

More information 

Apache Log4j 

CVE-2021-44228, CVE-2021-45046 

Apache Log4j Remote Code Execution This hyperlink is taking you to a website outside of Dell Technologies.

Third-party Component 

CVE 

More information 

Apache Log4j 

CVE-2021-44228, CVE-2021-45046 

Apache Log4j Remote Code Execution This hyperlink is taking you to a website outside of Dell Technologies.
デル・テクノロジーズでは、すべてのお客様に対して、CVSSベース スコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

Product Affected Versions Updated Versions Link to Update
vRO Plugin for Dell EMC PowerMax Version 1.2.3 or earlier  1.2.4 Support for vRealize Orchestrator (vRO) Platforms | Drivers & Downloads | Dell US
vRO Plugin for Dell EMC PowerScale Version 1.1.0 or earlier  1.1.1 Support for vRealize Orchestrator (vRO) Platforms | Drivers & Downloads | Dell US
vRO Plugin for Dell EMC PowerScale Version 1.0.3, 1.0.2, 1.0.1, and 1.0.0  1.0.4 Support for vRealize Orchestrator (vRO) Platforms | Drivers & Downloads | Dell US

Note:
Customers using vRO Plugin for Dell EMC PowerStore 1.1.4 (or earlier), Unity 1.0.7 (or earlier  and XtremIO 4.1.2 (or earlier) only need to apply the vRO mitigation, detailed in the Workaround and Mitigation section.
Product Affected Versions Updated Versions Link to Update
vRO Plugin for Dell EMC PowerMax Version 1.2.3 or earlier  1.2.4 Support for vRealize Orchestrator (vRO) Platforms | Drivers & Downloads | Dell US
vRO Plugin for Dell EMC PowerScale Version 1.1.0 or earlier  1.1.1 Support for vRealize Orchestrator (vRO) Platforms | Drivers & Downloads | Dell US
vRO Plugin for Dell EMC PowerScale Version 1.0.3, 1.0.2, 1.0.1, and 1.0.0  1.0.4 Support for vRealize Orchestrator (vRO) Platforms | Drivers & Downloads | Dell US

Note:
Customers using vRO Plugin for Dell EMC PowerStore 1.1.4 (or earlier), Unity 1.0.7 (or earlier  and XtremIO 4.1.2 (or earlier) only need to apply the vRO mitigation, detailed in the Workaround and Mitigation section.

回避策と緩和策

Mitigation applicable to vRO Plugin for Dell EMC PowerMax, vRO Plugin for Dell EMC PowerScale, vRO Plugin for Dell EMC PowerStore, vRO Plugin for Dell EMC Unity, and vRO Plugin for Dell EMC XtremIO:

VMware has announced two KB articles to mitigate this vulnerability for VMware vRealize Orchestrator (vRO):

The corresponding patch information is found in:

変更履歴

RevisionDateDescription
1.02021-12-17Initial Release
1.12022-01-04Provide more exact instructions for vRO Plugins for Dell EMC PowerStore, Unity and XtremIO.
1.22022-01-31Updated Remediation section to include 1.0.3, 1.0.2, 1.0.1 and 1.0.0

関連情報

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法的免責事項

対象製品

Product Security Information, vRealize Orchestrator (vRO) Plug-in for PowerMax, vRealize Orchestrator (vRO) Plug-in for PowerScale

製品

vRealize Orchestrator (vRO) Plug-in for PowerStore, vRealize Orchestrator (vRO) Plug-in for Unity, vRealize Orchestrator (vRO) Plug-in for XtremIO
文書のプロパティ
文書番号: 000194610
文書の種類: Dell Security Advisory
最終更新: 05 11月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。