DSA-2021-293: Dell PowerFlex Appliance Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)
요약: Dell PowerFlex Appliance remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Critical
세부 정보
| Third-party Component | CVEs | More information |
| Apache Log4j |
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 |
Apache Log4j Remote Code Execution |
| Third-party Component | CVEs | More information |
| Apache Log4j |
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 |
Apache Log4j Remote Code Execution |
영향을 받는 제품 및 문제 해결
Affected Products and Remediation
Affected Components in the Product
| CVEs | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-4228 CVE-2021-45046 CVE-2021-45105 |
PowerFlex Appliance |
Versions before Intelligent Catalog 38_356_00_r10 |
Intelligent_Catalog_38_356_01_r1 | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| Versions before Intelligent Catalog 38_362_00_r7 | Intelligent_Catalog_38_362_01_r1 |
Affected Components in the Product
| Component | Affected Versions | Updated Versions | Link to update |
| Dell PowerFlex Presentation Server | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2 | Versions 3.6.0.3 and 3.5.1.5 | PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272 |
| Dell PowerFlex Manager | 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0 | Version 3.8.0 (Build Number 3.8.0-8187) | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| VMware vCenter Server Appliance | 6.5, 6.7, and 7.0 | VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570 |
For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
Affected Products and Remediation
Affected Components in the Product
| CVEs | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-4228 CVE-2021-45046 CVE-2021-45105 |
PowerFlex Appliance |
Versions before Intelligent Catalog 38_356_00_r10 |
Intelligent_Catalog_38_356_01_r1 | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| Versions before Intelligent Catalog 38_362_00_r7 | Intelligent_Catalog_38_362_01_r1 |
Affected Components in the Product
| Component | Affected Versions | Updated Versions | Link to update |
| Dell PowerFlex Presentation Server | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2 | Versions 3.6.0.3 and 3.5.1.5 | PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272 |
| Dell PowerFlex Manager | 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0 | Version 3.8.0 (Build Number 3.8.0-8187) | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| VMware vCenter Server Appliance | 6.5, 6.7, and 7.0 | VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570 |
For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
개정 내역
| Revision | Date | Description |
| 1.0 | 2021-12-16 | Initial Release |
| 1.1 | 2021-12-17 | Added VMware vCenter Server Appliance workaround KB article link. |
| 1.2 | 2021-12-22 | Added CVE-2021-45105 and remediation guidance |
| 1.3 | 2022-01-10 | Added new ZIP with Log4j 2.17.1 remediation |
| 2.0 | 2022-02-09 | Minor update - Workarounds and Mitigations - PowerFlex Manager section |
| 3.0 | 2022-02-25 | Updated Affected Products and Remediation section, added links to update |
| 4.0 | 2022-06-01 | updated VMware vCenter remediation |
관련 정보
법적 고지 사항
해당 제품
PowerFlex Appliance, PowerFlex appliance R650, PowerFlex appliance R6525, Powerflex appliance R750, Product Security Information, PowerFlex Software, PowerFlex appliance R640, PowerFlex appliance R740XD, PowerFlex appliance R840문서 속성
문서 번호: 000194579
문서 유형: Dell Security Advisory
마지막 수정 시간: 01 6월 2022
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.