DSA-2022-112: DELL PowerFlex Security Update for Multiple Vulnerabilities

Resumo: Remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Este artigo aplica-se a Este artigo não se aplica a Este artigo não está vinculado a nenhum produto específico. Nem todas as versões do produto estão identificadas neste artigo.
Confira outros recursos

Impacto

High

Dados

Component CVEs More Information
PowerFlex components using OpenSSL CVE-2021-3711,
CVE-2021-3712,
CVE-2022-0778		 OpenSSL is used by PowerFlex for Secure communication between its different components.
PowerFlex Gateway using Spring4Shell CVE-2022-22965 Spring article: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement This hyperlink is taking you to a website outside of Dell Technologies.
PowerFlex Presentation server and Gateway using Java or OpenJDK CVE-2022-21248,
CVE-2022-21282,
CVE-2022-21283,
CVE-2022-21293,
CVE-2022-21294,
CVE-2022-21296		 Oracle article: https://www.oracle.com/security-alerts/cpujan2022.html#AppendixJAVA This hyperlink is taking you to a website outside of Dell Technologies.

 
PowerFlex Custom node R6525 CVE-2021-26339,
CVE-2021-26373,
CVE-2021-26347,
CVE-2021-26376,
CVE-2021-26375,
CVE-2021-26378,
CVE-2021-26372,
CVE-2021-26348,
CVE-2021-26342,
CVE-2021-26388,
CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350		 Dell article: https://www.dell.com/support/kbdoc/en-vn/000199269/dsa-2022-126-dell-poweredge-server-security-updates-for-amd-server-vulnerabilities
 
Component CVEs More Information
PowerFlex components using OpenSSL CVE-2021-3711,
CVE-2021-3712,
CVE-2022-0778		 OpenSSL is used by PowerFlex for Secure communication between its different components.
PowerFlex Gateway using Spring4Shell CVE-2022-22965 Spring article: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement This hyperlink is taking you to a website outside of Dell Technologies.
PowerFlex Presentation server and Gateway using Java or OpenJDK CVE-2022-21248,
CVE-2022-21282,
CVE-2022-21283,
CVE-2022-21293,
CVE-2022-21294,
CVE-2022-21296		 Oracle article: https://www.oracle.com/security-alerts/cpujan2022.html#AppendixJAVA This hyperlink is taking you to a website outside of Dell Technologies.

 
PowerFlex Custom node R6525 CVE-2021-26339,
CVE-2021-26373,
CVE-2021-26347,
CVE-2021-26376,
CVE-2021-26375,
CVE-2021-26378,
CVE-2021-26372,
CVE-2021-26348,
CVE-2021-26342,
CVE-2021-26388,
CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350		 Dell article: https://www.dell.com/support/kbdoc/en-vn/000199269/dsa-2022-126-dell-poweredge-server-security-updates-for-amd-server-vulnerabilities
 
A Dell Technologies recomenda que todos os clientes levem em consideração a pontuação base CVSS e as pontuações temporais e ambientais pertinentes que possam afetar a gravidade potencial associada a uma vulnerabilidade de segurança específica.

Produtos afetados e soluções

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2021-3711, CVE-2021-3712 CVE-2022-0778 OpenSSL used by PowerFlex Software
 		 PowerFlex versions before 3.6.0.4 or latest SVM patch bundle. PowerFlex 3.6.0.4 OVA includes this updated OpenSSL package
SVM Patch bundle from August 4, 2022		 PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest OVA)
SVM_OS_Patching_package_04082022.zip (for use with manual SVM upgrade)
For customer managed operating system, must upgrade with package openssl-libs-1.0.2k-24 based package, an example for CentOS7.9: openssl-libs-1.0.2k-24.el7_9.x86_64.rpm.
CVE-2022-22965 PowerFlex Software PowerFlex versions before 3.6.0.4 or 3.5.1.6 PowerFlex 3.6.0.4
PowerFlex 3.5.1.6 and later versions		 PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest PowerFlex Gateway rpm)
PowerFlex_3.5.1.6_110_Complete_Software.zip (with latest PowerFlex Gateway rpm)
CVE-2021-21248 CVE-2021-21282 CVE-2021-21283 CVE-2021-21293 CVE-2021-21294 CVE-2021-21296 PowerFlex Software PowerFlex versions before 3.6.0.4 PowerFlex 3.6.0.4 and later versions PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest OVA)
For customer managed operating system, self-upgrade is required with package java-1.8.0-openjdk-headless-1.8.0.322 based package for the compatible operating system or the java compatible version, an example for CentOS7.9: java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9
Guidelines: Java upgrade prerequisites.
 
CVE-2021-26373
CVE-2021-26339 CVE-2021-26344 CVE-2021-26347 CVE-2021-26376 CVE-2021-26375 CVE-2021-26378 CVE-2021-26372 CVE-2021-26348 CVE-2021-26342 CVE-2021-26388 CVE-2021-26349 CVE-2021-26328		 R6525 custom node
 		 BIOS Versions before 2.6.6 for AMD
 		 AMD BIOS: 2.6.6 Downloads (when upgrade is with using OME)
Documents (when manual upgrade)
 
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2021-3711, CVE-2021-3712 CVE-2022-0778 OpenSSL used by PowerFlex Software
 		 PowerFlex versions before 3.6.0.4 or latest SVM patch bundle. PowerFlex 3.6.0.4 OVA includes this updated OpenSSL package
SVM Patch bundle from August 4, 2022		 PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest OVA)
SVM_OS_Patching_package_04082022.zip (for use with manual SVM upgrade)
For customer managed operating system, must upgrade with package openssl-libs-1.0.2k-24 based package, an example for CentOS7.9: openssl-libs-1.0.2k-24.el7_9.x86_64.rpm.
CVE-2022-22965 PowerFlex Software PowerFlex versions before 3.6.0.4 or 3.5.1.6 PowerFlex 3.6.0.4
PowerFlex 3.5.1.6 and later versions		 PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest PowerFlex Gateway rpm)
PowerFlex_3.5.1.6_110_Complete_Software.zip (with latest PowerFlex Gateway rpm)
CVE-2021-21248 CVE-2021-21282 CVE-2021-21283 CVE-2021-21293 CVE-2021-21294 CVE-2021-21296 PowerFlex Software PowerFlex versions before 3.6.0.4 PowerFlex 3.6.0.4 and later versions PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest OVA)
For customer managed operating system, self-upgrade is required with package java-1.8.0-openjdk-headless-1.8.0.322 based package for the compatible operating system or the java compatible version, an example for CentOS7.9: java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9
Guidelines: Java upgrade prerequisites.
 
CVE-2021-26373
CVE-2021-26339 CVE-2021-26344 CVE-2021-26347 CVE-2021-26376 CVE-2021-26375 CVE-2021-26378 CVE-2021-26372 CVE-2021-26348 CVE-2021-26342 CVE-2021-26388 CVE-2021-26349 CVE-2021-26328		 R6525 custom node
 		 BIOS Versions before 2.6.6 for AMD
 		 AMD BIOS: 2.6.6 Downloads (when upgrade is with using OME)
Documents (when manual upgrade)
 

Histórico de revisão

RevisionDateDescription
1.02022-05-02Initial Draft for review
2.02022-05-03Clarified some OpenSSL upgrade info
3.02022-05-06Updated CVEs for AMD issue based on new AMD-SN

Informações relacionadas

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Aviso de isenção legal

Produtos afetados

PowerFlex custom node, PowerFlex custom node, PowerFlex custom node R650, PowerFlex custom node R6525

Produtos

Product Security Information
Propriedades do artigo
Número do artigo: 000199942
Tipo de artigo: Dell Security Advisory
Último modificado: 05 nov. 2025
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.