DSA-2021-293: Dell PowerFlex Appliance Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)
摘要: Dell PowerFlex Appliance remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
Critical
详情
| Third-party Component | CVEs | More information |
| Apache Log4j |
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 |
Apache Log4j Remote Code Execution |
| Third-party Component | CVEs | More information |
| Apache Log4j |
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 |
Apache Log4j Remote Code Execution |
受影响的产品和补救措施
Affected Products and Remediation
Affected Components in the Product
| CVEs | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-4228 CVE-2021-45046 CVE-2021-45105 |
PowerFlex Appliance |
Versions before Intelligent Catalog 38_356_00_r10 |
Intelligent_Catalog_38_356_01_r1 | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| Versions before Intelligent Catalog 38_362_00_r7 | Intelligent_Catalog_38_362_01_r1 |
Affected Components in the Product
| Component | Affected Versions | Updated Versions | Link to update |
| Dell PowerFlex Presentation Server | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2 | Versions 3.6.0.3 and 3.5.1.5 | PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272 |
| Dell PowerFlex Manager | 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0 | Version 3.8.0 (Build Number 3.8.0-8187) | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| VMware vCenter Server Appliance | 6.5, 6.7, and 7.0 | VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570 |
For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
Affected Products and Remediation
Affected Components in the Product
| CVEs | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-4228 CVE-2021-45046 CVE-2021-45105 |
PowerFlex Appliance |
Versions before Intelligent Catalog 38_356_00_r10 |
Intelligent_Catalog_38_356_01_r1 | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| Versions before Intelligent Catalog 38_362_00_r7 | Intelligent_Catalog_38_362_01_r1 |
Affected Components in the Product
| Component | Affected Versions | Updated Versions | Link to update |
| Dell PowerFlex Presentation Server | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2 | Versions 3.6.0.3 and 3.5.1.5 | PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272 |
| Dell PowerFlex Manager | 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0 | Version 3.8.0 (Build Number 3.8.0-8187) | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| VMware vCenter Server Appliance | 6.5, 6.7, and 7.0 | VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570 |
For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
修订历史记录
| Revision | Date | Description |
| 1.0 | 2021-12-16 | Initial Release |
| 1.1 | 2021-12-17 | Added VMware vCenter Server Appliance workaround KB article link. |
| 1.2 | 2021-12-22 | Added CVE-2021-45105 and remediation guidance |
| 1.3 | 2022-01-10 | Added new ZIP with Log4j 2.17.1 remediation |
| 2.0 | 2022-02-09 | Minor update - Workarounds and Mitigations - PowerFlex Manager section |
| 3.0 | 2022-02-25 | Updated Affected Products and Remediation section, added links to update |
| 4.0 | 2022-06-01 | updated VMware vCenter remediation |
相关信息
法律免责声明
受影响的产品
PowerFlex Appliance, PowerFlex appliance R650, PowerFlex appliance R6525, Powerflex appliance R750, Product Security Information, PowerFlex Software, PowerFlex appliance R640, PowerFlex appliance R740XD, PowerFlex appliance R840文章属性
文章编号: 000194579
文章类型: Dell Security Advisory
上次修改时间: 01 6月 2022
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。