Article Number: 000185484


DSA-2021-083: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

Summary: Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article content


Impact

Critical

Details

| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2021-21547 | Dell Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |

| Third-Party Component | CVE(s) | More information |
|---|---|---|
| Apache-Tomcat | CVE-2019-0221, CVE-2019-0232, CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2019-12418, CVE-2020-13935, CVE-2019-17563, CVE-2019-17569 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Oracle Java SE | CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803 | Oracle Critical Patch Update - October 2020 |
| Apache2 | CVE-2020-1927, CVE-2020-1934, CVE-2020-1938 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Python | CVE-2020-8492, CVE-2019-9674, CVE-2019-18348 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |

Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of the specific security vulnerabilities.

Affected Products and Remediation

| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| Dell Unity Operating Environment (OE) | Versions prior to 5.0.7.0.5.008 | 5.0.7.0.5.008 | https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers |
| Dell Unity XT Operating Environment (OE) | Versions prior to 5.0.7.0.5.008 | 5.0.7.0.5.008 | |
| Dell UnityVSA Operating Environment (OE) | Versions prior to 5.0.7.0.5.008 | 5.0.7.0.5.008 | |

Workarounds and Mitigations

| Proprietary Code CVE(s) | Workaround |
|---|---|
| CVE-2021-21547 | Be sure to always use the latest version of the Dell Upgrade Readiness Utility. Older versions of the Upgrade Readiness Utility may log Unisphere Administrator credentials on Dell Unity, Dell UnityVSA, and Dell Unity XT products running on versions prior to OE 5.0.7.0.5.008. If an older version of the Upgrade Readiness Utility has been run on Dell EMC , Dell UnityVSA, and Dell Unity XT products using versions prior to OE 5.0.7.0.5.008, then change the Administrator password immediately. |

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2021-04-19 | Initial Release |

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product
Dell EMC Unity, Product Security Information, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity XT 480 , Dell EMC Unity XT 480F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, UnityVSA, Dell EMC UnityVSA (Virtual Storage Appliance) ...
Last Published Date

19 Apr 2021

Version

1

Article Type

Dell Security Advisory