DSA-2024-474: Security Update for Dell PowerFlex Rack Multiple Third-Party Component Vulnerabilities

Resumo: Dell PowerFlex Rack remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system

Este artigo aplica-se a Este artigo não se aplica a Este artigo não está vinculado a nenhum produto específico. Nem todas as versões do produto estão identificadas neste artigo.
Confira outros recursos

Impacto

Critical

Dados

Third-party Component CVEs More Information
Dell PowerEdge Server BIOS CVE-2023-45745, CVE-2023-47855, CVE-2023-31355, CVE-2024-21978, CVE-2024-21980, CVE-2023-31315, CVE-2023-49141, CVE-2021-26344, CVE-2021-26387, CVE-2021-46772, CVE-2021-46746, CVE-2023-20518, CVE-2023-20578, CVE-2023-20584, CVE-2023-20591, CVE-2023-31356, CVE-2024-21981, CVE-2024-21801, CVE-2024-22374 DSA-2024-160, DSA-2024-306, DSA-2024-344, DSA-2024-160, DSA-2024-350, DSA-2024-359
iDRAC CVE-2024-25943, CVE-2023-48795, CVE-2024-38433, CVE-2024-6387, CVE-2023-29499 DSA-2024-099, DSA-2024-021, DSA-2024-223, DSA-2024-342, DSA-2024-286
OpenSSH CVE-2020-15778 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
CUPS CVE-2024-47176, CVE-2024-47076 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Cisco Switches CVE-2024-20399 Cisco NX-OS Software CLI Command Injection VulnerabilityThis hyperlink is taking you to a website outside of Dell Technologies.
VMWare CVE-2024-22273, CVE-2024-22274, CVE-2024-22275, CVE-2024-37086, CVE-2024-37087, CVE-2024-37085, CVE-2024-38812, CVE-2024-38813 VMSA-2024-0011This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2024-0013This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2024-0013This hyperlink is taking you to a website outside of Dell Technologies. , VMSA-2024-0019This hyperlink is taking you to a website outside of Dell Technologies.
Python-Cryptography CVE-2023-50782 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libexpat CVE-2023-52425 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2016-2183 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
SQLparse CVE-2023-30608 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenJDK CVE-2024-21094 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
JQuery CVE-2020-11023 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

A Dell Technologies recomenda que todos os clientes levem em consideração a pontuação base CVSS e as pontuações temporais e ambientais pertinentes que possam afetar a gravidade potencial associada a uma vulnerabilidade de segurança específica.

Produtos afetados e soluções

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

PowerFlex rack

RCM

Versions prior to 3.6.7.0

 

Version 3.6.7.0 or later

 

RCM release

PowerFlex rack

RCM

Versions prior to 3.8.1.0

Version 3.8.1.0 or later

RCM release

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

PowerFlex rack

RCM

Versions prior to 3.6.7.0

 

Version 3.6.7.0 or later

 

RCM release

PowerFlex rack

RCM

Versions prior to 3.8.1.0

Version 3.8.1.0 or later

RCM release

Soluções temporárias e atenuações

None

Histórico de revisão

Revision

Date

Description

1.0

2024-12-12

Initial Release

2.0

2025-02-19

Major update; remediation content:
 CVE-2023-50782,CVE-2023-52425,CVE-2016-2183, CVE-2023-30608,CVE-2024-21094 added as remediated since the initial release

3.0

2025-03-24

Major update, remediation content:
CVE-2020-11023 added as remediated since the initial release

 

Informações relacionadas

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Aviso de isenção legal

Produtos afetados

PowerFlex rack
Propriedades do artigo
Número do artigo: 000259564
Tipo de artigo: Dell Security Advisory
Último modificado: 24 mar. 2025
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.