DSA-2021-292: Dell PowerFlex Rack Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

详细文章

影响

详情

受影响的产品和补救措施

修订历史记录

摘要: Dell PowerFlex Rack remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...

本文适用于本文不适用于本文并非针对某种特定的产品。本文并非包含所有产品版本。

Critical

Third-party Component	CVEs	More information
Apache Log4j	CVE-2021-44228	Apache Log4j Remote Code Execution
	CVE-2021-45046
	CVE-2021-45105

Third-party Component	CVEs	More information
Apache Log4j	CVE-2021-44228	Apache Log4j Remote Code Execution
	CVE-2021-45046
	CVE-2021-45105

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数，这可能会影响与特定安全漏洞相关的潜在严重程度。

Affected Products and Remediation:

CVEs	Product	Affected Versions	Updated Versions	Link to update
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.5 train: Versions before 3.5.6.0 RCM 3.6 train: Versions before 3.6.2.0	RCM 3.5 train: Version 3.5.6.1 RCM 3.6 train: Versions 3.6.2.1	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.3 train: Versions before 3.3.11.0 RCM 3.4 train: Versions before 3.4.6.0	RCM 3.3 train: Versions 3.3.11.3 RCM 3.4 train: Versions 3.4.6.3

Affected Components in the Product:

Component	Affected Versions	Updated Versions	Link to update
Dell PowerFlex Presentation Server	3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2	Versions 3.6.0.3 and 3.5.1.5	PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272
Dell PowerFlex Manager	3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0	Version 3.8.0 (Build Number 3.8.0-8187)	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
VMware vCenter Server Appliance	6.5, 6.7, and 7.0	VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

Affected Products and Remediation:

CVEs	Product	Affected Versions	Updated Versions	Link to update
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.5 train: Versions before 3.5.6.0 RCM 3.6 train: Versions before 3.6.2.0	RCM 3.5 train: Version 3.5.6.1 RCM 3.6 train: Versions 3.6.2.1	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.3 train: Versions before 3.3.11.0 RCM 3.4 train: Versions before 3.4.6.0	RCM 3.3 train: Versions 3.3.11.3 RCM 3.4 train: Versions 3.4.6.3

Affected Components in the Product:

Component	Affected Versions	Updated Versions	Link to update
Dell PowerFlex Presentation Server	3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2	Versions 3.6.0.3 and 3.5.1.5	PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272
Dell PowerFlex Manager	3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0	Version 3.8.0 (Build Number 3.8.0-8187)	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
VMware vCenter Server Appliance	6.5, 6.7, and 7.0	VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

Revision	Date	Description
1.0	2021-12-14	Initial Release
1.1	2021-12-17	Added VMware vCenter Server Appliance workaround KB article link.
1.2	2021-12-22	Added CVE-2021-45105 and remediation guidance
1.3	2022-01-06	Added new ZIP with Log4j 2.17.1 remediation
2.0	2022-02-09	Minor update - Workarounds and Mitigations - PowerFlex Manager section
3.0	2022-02-25	Updated Affected Products and Remediation section, added links to update
4.0	2022-06-01	Update the VMware vCenter Server Appliance links to update

PowerFlex rack

Product Security Information, VMware vCenter Server

文章编号: 000194578

文章类型: Dell Security Advisory

上次修改时间: 01 6月 2022