DSA-2024-474: Security Update for Dell PowerFlex Rack Multiple Third-Party Component Vulnerabilities

概要: Dell PowerFlex Rack remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system

この記事は次に適用されます: この記事は次には適用されません: この記事は、特定の製品に関連付けられていません。 すべての製品パージョンがこの記事に記載されているわけではありません。
他のリソースを確認する

影響

Critical

詳細

Third-party Component CVEs More Information
Dell PowerEdge Server BIOS CVE-2023-45745, CVE-2023-47855, CVE-2023-31355, CVE-2024-21978, CVE-2024-21980, CVE-2023-31315, CVE-2023-49141, CVE-2021-26344, CVE-2021-26387, CVE-2021-46772, CVE-2021-46746, CVE-2023-20518, CVE-2023-20578, CVE-2023-20584, CVE-2023-20591, CVE-2023-31356, CVE-2024-21981, CVE-2024-21801, CVE-2024-22374 DSA-2024-160, DSA-2024-306, DSA-2024-344, DSA-2024-160, DSA-2024-350, DSA-2024-359
iDRAC CVE-2024-25943, CVE-2023-48795, CVE-2024-38433, CVE-2024-6387, CVE-2023-29499 DSA-2024-099, DSA-2024-021, DSA-2024-223, DSA-2024-342, DSA-2024-286
OpenSSH CVE-2020-15778 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
CUPS CVE-2024-47176, CVE-2024-47076 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Cisco Switches CVE-2024-20399 Cisco NX-OS Software CLI Command Injection VulnerabilityThis hyperlink is taking you to a website outside of Dell Technologies.
VMWare CVE-2024-22273, CVE-2024-22274, CVE-2024-22275, CVE-2024-37086, CVE-2024-37087, CVE-2024-37085, CVE-2024-38812, CVE-2024-38813 VMSA-2024-0011This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2024-0013This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2024-0013This hyperlink is taking you to a website outside of Dell Technologies. , VMSA-2024-0019This hyperlink is taking you to a website outside of Dell Technologies.
Python-Cryptography CVE-2023-50782 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libexpat CVE-2023-52425 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2016-2183 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
SQLparse CVE-2023-30608 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenJDK CVE-2024-21094 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
JQuery CVE-2020-11023 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

デル・テクノロジーズでは、すべてのお客様に対して、CVSSベース スコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

PowerFlex rack

RCM

Versions prior to 3.6.7.0

 

Version 3.6.7.0 or later

 

RCM release

PowerFlex rack

RCM

Versions prior to 3.8.1.0

Version 3.8.1.0 or later

RCM release

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

PowerFlex rack

RCM

Versions prior to 3.6.7.0

 

Version 3.6.7.0 or later

 

RCM release

PowerFlex rack

RCM

Versions prior to 3.8.1.0

Version 3.8.1.0 or later

RCM release

回避策と緩和策

None

変更履歴

Revision

Date

Description

1.0

2024-12-12

Initial Release

2.0

2025-02-19

Major update; remediation content:
 CVE-2023-50782,CVE-2023-52425,CVE-2016-2183, CVE-2023-30608,CVE-2024-21094 added as remediated since the initial release

3.0

2025-03-24

Major update, remediation content:
CVE-2020-11023 added as remediated since the initial release

 

関連情報

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法的免責事項

対象製品

PowerFlex rack
文書のプロパティ
文書番号: 000259564
文書の種類: Dell Security Advisory
最終更新: 24 3月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。