DSA-2021-090: Dell VxRail Appliance Security Update for Multiple Vulnerabilities

Summary: Dell VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.


Impact

Critical

Details

Proprietary Code CVE: CVE-2021-21508
Description: Dell VxRail, versions prior to 4.7.530 contain a Plain-text Password Storage Vulnerability. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVSS Base Score: 6.7
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Third-Party Component: VMware ESXi
CVEs: CVE-2021-21994, CVE-2021-21995
More information: VMSA-2021-0014

Third-Party Component: VxRail Manager: SUSE Grub2 and others
More information: SUSE grub2 UEFI secure boot bypass issues; SUSE updates
CVEs:
CVE-2020-14372
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233
CVE-2019-18348
CVE-2021-23336
CVE-2019-20916
CVE-2021-3177
CVE-2021-27219
CVE-2021-27218
CVE-2021-3348
CVE-2020-25211
CVE-2020-25639
CVE-2020-27835
CVE-2020-29568
CVE-2020-29569
CVE-2021-0342
CVE-2021-20177
CVE-2021-3347
CVE-2020-36221
CVE-2020-36222
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36226
CVE-2020-36227
CVE-2020-36228
CVE-2020-36229
CVE-2020-36230
CVE-2021-27212
CVE-2021-20193
CVE-2021-23840
CVE-2021-23841
CVE-2020-8625
CVE-2021-20229
CVE-2021-3393
CVE-2019-25013
CVE-2021-3326
CVE-2020-14803
CVE-2020-14792
CVE-2020-14781
CVE-2020-14782
CVE-2020-14797
CVE-2020-14779
CVE-2020-14796
CVE-2020-14798

Third-Party Component: VxRail Manager: OpenSSL
CVEs: CVE-2020-1971
More information: OpenSSL

Third-Party Component: VxRail Node: Dell iDRAC8 Updates
  • VxRail E460
  • VxRail E460F
  • VxRail P470
  • VxRail P470F
  • VxRail V470
  • VxRail V470F
  • VxRail S470
CVEs: CVE-2021-21510
More information: DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection

Third-Party Component: VxRail Node: Dell iDRAC9 Updates
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVEs: CVE-2021-21539, CVE-2021-21540, CVE-2021-21541, CVE-2021-21542, CVE-2021-21543, CVE-2021-21544
More information: DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities

Third-Party Component: VxRail Node: Dell iDRAC9 Updates
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVEs: CVE-2020-26198
More information: DSA-2020-268: Dell EMC iDRAC9 Reflected XSS Vulnerability

Third-Party Component: VxRail Node: Dell iDRAC9 Updates
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVEs: CVE-2021-21538
More information: DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability

 


Dell recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity of a particular vulnerability.

Affected Products and Remediation

CVEs Addressed: See table above
Product: Dell VxRail Appliance
Affected Versions: 4.7.x versions before 4.7.530
Updated Version: 4.7.530

Revision History

1.0  2021-05-05  Initial Release
1.1  2021-05-11  Updated with DSA-2021-082 after embargo date.
1.2  2021-06-04  Added CVE updates for SUSE packages.
1.3  2021-08-03  Updated with VMSA-2021-0014 after embargo date

Related Information

Affected Products

VxRail, Product Security Information
Article Properties
Article Number: 000186417
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025