DSA-2021-293: Dell PowerFlex Appliance Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

Innholdsfortegnelse

Detaljert artikkel

Påvirkning

Detaljer

Berørte produkter og utbedring

Endringshistorikk

Relatert informasjon

Juridisk ansvarsfraskrivelse

Berørte produkter

Gi tilbakemelding

Sammendrag: Dell PowerFlex Appliance remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...

Denne artikkelen gjelder for Denne artikkelen gjelder ikke for Denne artikkelen er ikke knyttet til noe bestemt produkt. Det er ikke produktversjonene som identifiseres i denne artikkelen.

Ta en titt på andre ressurser

Påvirkning

Critical

Detaljer

Third-party Component	CVEs	More information
Apache Log4j	CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	Apache Log4j Remote Code Execution

Third-party Component	CVEs	More information
Apache Log4j	CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	Apache Log4j Remote Code Execution

Dell Technologies anbefaler at alle kunder tar hensyn til både grunnpoengsummen og alle relevante, midlertidige og miljømessige resultater som kan påvirke den potensielle alvorlighetsgraden knyttet til bestemte sikkerhetsproblemer.

Berørte produkter og utbedring

Affected Products and Remediation

CVEs	Product	Affected Versions	Updated Versions	Link to Update
CVE-2021-4228 CVE-2021-45046 CVE-2021-45105	PowerFlex Appliance	Versions before Intelligent Catalog 38_356_00_r10	Intelligent_Catalog_38_356_01_r1	For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers
CVE-2021-4228 CVE-2021-45046 CVE-2021-45105	PowerFlex Appliance	Versions before Intelligent Catalog 38_362_00_r7	Intelligent_Catalog_38_362_01_r1

Affected Components in the Product

Component	Affected Versions	Updated Versions	Link to update
Dell PowerFlex Presentation Server	3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2	Versions 3.6.0.3 and 3.5.1.5	PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272
Dell PowerFlex Manager	3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0	Version 3.8.0 (Build Number 3.8.0-8187)	For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers
VMware vCenter Server Appliance	6.5, 6.7, and 7.0	VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570	For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers

Affected Products and Remediation

CVEs	Product	Affected Versions	Updated Versions	Link to Update
CVE-2021-4228 CVE-2021-45046 CVE-2021-45105	PowerFlex Appliance	Versions before Intelligent Catalog 38_356_00_r10	Intelligent_Catalog_38_356_01_r1	For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers
CVE-2021-4228 CVE-2021-45046 CVE-2021-45105	PowerFlex Appliance	Versions before Intelligent Catalog 38_362_00_r7	Intelligent_Catalog_38_362_01_r1

Affected Components in the Product

Component	Affected Versions	Updated Versions	Link to update
Dell PowerFlex Presentation Server	3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2	Versions 3.6.0.3 and 3.5.1.5	PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272
Dell PowerFlex Manager	3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0	Version 3.8.0 (Build Number 3.8.0-8187)	For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers
VMware vCenter Server Appliance	6.5, 6.7, and 7.0	VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570	For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers

Endringshistorikk

Revision	Date	Description
1.0	2021-12-16	Initial Release
1.1	2021-12-17	Added VMware vCenter Server Appliance workaround KB article link.
1.2	2021-12-22	Added CVE-2021-45105 and remediation guidance
1.3	2022-01-10	Added new ZIP with Log4j 2.17.1 remediation
2.0	2022-02-09	Minor update - Workarounds and Mitigations - PowerFlex Manager section
3.0	2022-02-25	Updated Affected Products and Remediation section, added links to update
4.0	2022-06-01	updated VMware vCenter remediation

Relatert informasjon

Juridisk ansvarsfraskrivelse

Berørte produkter

PowerFlex Appliance, PowerFlex appliance R650, PowerFlex appliance R6525, Powerflex appliance R750, Product Security Information, PowerFlex Software, PowerFlex appliance R640, PowerFlex appliance R740XD, PowerFlex appliance R840

Artikkelnummer: 000194579

Artikkeltype: Dell Security Advisory

Sist endret: 01 jun. 2022

Sjekk om enheten din er dekket av støttetjenestene.

DSA-2021-293: Dell PowerFlex Appliance Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

Påvirkning

Detaljer

Berørte produkter og utbedring

Endringshistorikk

Relatert informasjon

Juridisk ansvarsfraskrivelse

Berørte produkter

Artikkelegenskaper

Få svar på spørsmålene dine fra andre Dell-brukere

Støttetjenester

Artikkelegenskaper

Få svar på spørsmålene dine fra andre Dell-brukere

Støttetjenester