DSA-2021-293: Dell PowerFlex Appliance Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)
摘要: Dell PowerFlex Appliance remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
Critical
詳細資料
| Third-party Component | CVEs | More information |
| Apache Log4j |
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 |
Apache Log4j Remote Code Execution |
| Third-party Component | CVEs | More information |
| Apache Log4j |
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 |
Apache Log4j Remote Code Execution |
受影響的產品與補救措施
Affected Products and Remediation
Affected Components in the Product
| CVEs | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-4228 CVE-2021-45046 CVE-2021-45105 |
PowerFlex Appliance |
Versions before Intelligent Catalog 38_356_00_r10 |
Intelligent_Catalog_38_356_01_r1 | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| Versions before Intelligent Catalog 38_362_00_r7 | Intelligent_Catalog_38_362_01_r1 |
Affected Components in the Product
| Component | Affected Versions | Updated Versions | Link to update |
| Dell PowerFlex Presentation Server | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2 | Versions 3.6.0.3 and 3.5.1.5 | PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272 |
| Dell PowerFlex Manager | 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0 | Version 3.8.0 (Build Number 3.8.0-8187) | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| VMware vCenter Server Appliance | 6.5, 6.7, and 7.0 | VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570 |
For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
Affected Products and Remediation
Affected Components in the Product
| CVEs | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-4228 CVE-2021-45046 CVE-2021-45105 |
PowerFlex Appliance |
Versions before Intelligent Catalog 38_356_00_r10 |
Intelligent_Catalog_38_356_01_r1 | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| Versions before Intelligent Catalog 38_362_00_r7 | Intelligent_Catalog_38_362_01_r1 |
Affected Components in the Product
| Component | Affected Versions | Updated Versions | Link to update |
| Dell PowerFlex Presentation Server | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2 | Versions 3.6.0.3 and 3.5.1.5 | PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272 |
| Dell PowerFlex Manager | 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0 | Version 3.8.0 (Build Number 3.8.0-8187) | For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
| VMware vCenter Server Appliance | 6.5, 6.7, and 7.0 | VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570 |
For IC downloads: https://www.dell.com/support/home/product-support/product/vxflex-appliance-sw/drivers |
修訂歷史記錄
| Revision | Date | Description |
| 1.0 | 2021-12-16 | Initial Release |
| 1.1 | 2021-12-17 | Added VMware vCenter Server Appliance workaround KB article link. |
| 1.2 | 2021-12-22 | Added CVE-2021-45105 and remediation guidance |
| 1.3 | 2022-01-10 | Added new ZIP with Log4j 2.17.1 remediation |
| 2.0 | 2022-02-09 | Minor update - Workarounds and Mitigations - PowerFlex Manager section |
| 3.0 | 2022-02-25 | Updated Affected Products and Remediation section, added links to update |
| 4.0 | 2022-06-01 | updated VMware vCenter remediation |
相關資訊
法律免責聲明
受影響的產品
PowerFlex Appliance, PowerFlex appliance R650, PowerFlex appliance R6525, Powerflex appliance R750, Product Security Information, PowerFlex Software, PowerFlex appliance R640, PowerFlex appliance R740XD, PowerFlex appliance R840文章屬性
文章編號: 000194579
文章類型: Dell Security Advisory
上次修改時間: 01 6月 2022
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。