Artikelnummer: 000194610

DSA-2021-300: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage  Security Updates for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) and CVE-2021-45046

Samenvatting: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...

Article content

Impact

Critical

Gegevens

Third-party Component	CVE	More information
Apache Log4j	CVE-2021-44228, CVE-2021-45046	Apache Log4j Remote Code Execution

Third-party Component	CVE	More information
Apache Log4j	CVE-2021-44228, CVE-2021-45046	Apache Log4j Remote Code Execution

Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

Product	Affected Versions	Updated Versions	Link to Update
vRO Plugin for Dell EMC PowerMax	Version 1.2.3 or earlier	1.2.4	Support for vRealize Orchestrator (vRO) Platforms \| Drivers & Downloads \| Dell US
vRO Plugin for Dell EMC PowerScale	Version 1.1.0 or earlier	1.1.1	Support for vRealize Orchestrator (vRO) Platforms \| Drivers & Downloads \| Dell US
vRO Plugin for Dell EMC PowerScale	Version 1.0.3, 1.0.2, 1.0.1, and 1.0.0	1.0.4	Support for vRealize Orchestrator (vRO) Platforms \| Drivers & Downloads \| Dell US

Note:
Customers using vRO Plugin for Dell EMC PowerStore 1.1.4 (or earlier), Unity 1.0.7 (or earlier and XtremIO 4.1.2 (or earlier) only need to apply the vRO mitigation, detailed in the Workaround and Mitigation section.

Product	Affected Versions	Updated Versions	Link to Update
vRO Plugin for Dell EMC PowerMax	Version 1.2.3 or earlier	1.2.4	Support for vRealize Orchestrator (vRO) Platforms \| Drivers & Downloads \| Dell US
vRO Plugin for Dell EMC PowerScale	Version 1.1.0 or earlier	1.1.1	Support for vRealize Orchestrator (vRO) Platforms \| Drivers & Downloads \| Dell US
vRO Plugin for Dell EMC PowerScale	Version 1.0.3, 1.0.2, 1.0.1, and 1.0.0	1.0.4	Support for vRealize Orchestrator (vRO) Platforms \| Drivers & Downloads \| Dell US

Tijdelijke oplossingen en beperkingen

Mitigation applicable to vRO Plugin for Dell EMC PowerMax, vRO Plugin for Dell EMC PowerScale, vRO Plugin for Dell EMC PowerStore, vRO Plugin for Dell EMC Unity, and vRO Plugin for Dell EMC XtremIO:

VMware has announced two KB articles to mitigate this vulnerability for VMware vRealize Orchestrator (vRO):

The corresponding patch information is found in:

https://www.vmware.com/security/advisories/VMSA-2021-0028.html

Revisiegeschiedenis

Revision	Date	Description
1.0	2021-12-17	Initial Release
1.1	2022-01-04	Provide more exact instructions for vRO Plugins for Dell EMC PowerStore, Unity and XtremIO.
1.2	2022-01-31	Updated Remediation section to include 1.0.3, 1.0.2, 1.0.1 and 1.0.0

Verwante informatie

Juridische informatie

Artikeleigenschappen

Getroffen product

Product Security Information, vRealize Orchestrator (vRO) Plug-in for PowerMax, vRealize Orchestrator (vRO) Plug-in for PowerScale

Product

vRealize Orchestrator (vRO) Plug-in for PowerStore, vRealize Orchestrator (vRO) Plug-in for Unity, vRealize Orchestrator (vRO) Plug-in for XtremIO

Datum laatst gepubliceerd

31 jan. 2022

Versie

Artikeltype

Dell Security Advisory

Terug naar boven

Welkom

Welkom bij Dell

DSA-2021-300: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage Security Updates for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) and CVE-2021-45046