Artikelnummer: 000194531
Critical
Third-party Component | CVEs | More information |
Apache Log4j | CVE-2021-44228 | Apache Log4j Remote Code Execution |
CVE-2021-45046 | Apache Log4j Remote Code Execution | |
CVE-2021-45105 | Denial of Service attack |
Third-party Component | CVEs | More information |
Apache Log4j | CVE-2021-44228 | Apache Log4j Remote Code Execution |
CVE-2021-45046 | Apache Log4j Remote Code Execution | |
CVE-2021-45105 | Denial of Service attack |
Product | Affected Versions | Updated Versions | Link to Update | |
RecoverPoint Classic |
5.1 SP4 5.1 SP4 P1 5.1 SP3 5.1 SP3 P1 |
5.1.4.2 |
|
|
RecoverPoint for Virtual Machines | 5.3 SP2 P1 5.3 SP1 P1 5.3 SP2 5.3 SP1 |
5.3.2.2 | https://www.dell.com/support/home/en-us/product-support/product/recoverpoint-for-virtual-machines/drivers | |
RecoverPoint for Virtual Machines | 5.2 SP2 P4 5.2 SP2 5.2 SP2 P3 5.2 SP2 P2 5.2 SP2 P1 5.2 SP1 |
Dell Technologies recommends customers apply the temporary resolution, detailed in the Workaround and Mitigation section of this DSA. A permanent remediation for this issue will be released in the future release of the impacted version in line. |
Product | Affected Versions | Updated Versions | Link to Update | |
RecoverPoint Classic |
5.1 SP4 5.1 SP4 P1 5.1 SP3 5.1 SP3 P1 |
5.1.4.2 |
|
|
RecoverPoint for Virtual Machines | 5.3 SP2 P1 5.3 SP1 P1 5.3 SP2 5.3 SP1 |
5.3.2.2 | https://www.dell.com/support/home/en-us/product-support/product/recoverpoint-for-virtual-machines/drivers | |
RecoverPoint for Virtual Machines | 5.2 SP2 P4 5.2 SP2 5.2 SP2 P3 5.2 SP2 P2 5.2 SP2 P1 5.2 SP1 |
Dell Technologies recommends customers apply the temporary resolution, detailed in the Workaround and Mitigation section of this DSA. A permanent remediation for this issue will be released in the future release of the impacted version in line. |
Below is the workaround for CVE-2021-44228 and CVE-2021-45046 for the customers who do not want to upgrade to the latest patch to be provided by RecoverPoint.
RecoverPoint for VMs (All versions before 5.3 SP2 P2):
Run the following signed script on all vRPAs and reboot them one by one:
Revision | Date | Description |
1.0 | 2021-12-15 | Workaround |
1.1 | 2021-12-17 | Updated workaround including RPC plugin server. |
1.2 | 2021-12-20 | Updated the affected versions section |
1.3 | 2021-12-21 | Updated another CVE-2021-45105 for 2.16 log4j versions |
1.4 | 2021-12-22 | Removed CVE-2021-45105 based on review comments |
2.0 | 2022-01-11 | RecoverPoint for VMs release 5.3.2.2 |
3.0 | 2022-02-01 | RecoverPoint Classic release 5.1.4.2 |
RecoverPoint, Product Security Information, RecoverPoint, RecoverPoint CL
01 feb. 2022
8
Dell Security Advisory