DSA-2024-474: Security Update for Dell PowerFlex Rack Multiple Third-Party Component Vulnerabilities

摘要: Dell PowerFlex Rack remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system

本文章適用於 本文章不適用於 本文無關於任何特定產品。 本文未識別所有產品版本。
查看其他資源

影響

Critical

詳細資料

Third-party Component CVEs More Information
Dell PowerEdge Server BIOS CVE-2023-45745, CVE-2023-47855, CVE-2023-31355, CVE-2024-21978, CVE-2024-21980, CVE-2023-31315, CVE-2023-49141, CVE-2021-26344, CVE-2021-26387, CVE-2021-46772, CVE-2021-46746, CVE-2023-20518, CVE-2023-20578, CVE-2023-20584, CVE-2023-20591, CVE-2023-31356, CVE-2024-21981, CVE-2024-21801, CVE-2024-22374 DSA-2024-160, DSA-2024-306, DSA-2024-344, DSA-2024-160, DSA-2024-350, DSA-2024-359
iDRAC CVE-2024-25943, CVE-2023-48795, CVE-2024-38433, CVE-2024-6387, CVE-2023-29499 DSA-2024-099, DSA-2024-021, DSA-2024-223, DSA-2024-342, DSA-2024-286
OpenSSH CVE-2020-15778 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
CUPS CVE-2024-47176, CVE-2024-47076 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Cisco Switches CVE-2024-20399 Cisco NX-OS Software CLI Command Injection VulnerabilityThis hyperlink is taking you to a website outside of Dell Technologies.
VMWare CVE-2024-22273, CVE-2024-22274, CVE-2024-22275, CVE-2024-37086, CVE-2024-37087, CVE-2024-37085, CVE-2024-38812, CVE-2024-38813 VMSA-2024-0011This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2024-0013This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2024-0013This hyperlink is taking you to a website outside of Dell Technologies. , VMSA-2024-0019This hyperlink is taking you to a website outside of Dell Technologies.
Python-Cryptography CVE-2023-50782 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libexpat CVE-2023-52425 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2016-2183 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
SQLparse CVE-2023-30608 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenJDK CVE-2024-21094 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
JQuery CVE-2020-11023 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數,也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

PowerFlex rack

RCM

Versions prior to 3.6.7.0

 

Version 3.6.7.0 or later

 

RCM release

PowerFlex rack

RCM

Versions prior to 3.8.1.0

Version 3.8.1.0 or later

RCM release

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

PowerFlex rack

RCM

Versions prior to 3.6.7.0

 

Version 3.6.7.0 or later

 

RCM release

PowerFlex rack

RCM

Versions prior to 3.8.1.0

Version 3.8.1.0 or later

RCM release

因應措施與緩解措施

None

修訂歷史記錄

Revision

Date

Description

1.0

2024-12-12

Initial Release

2.0

2025-02-19

Major update; remediation content:
 CVE-2023-50782,CVE-2023-52425,CVE-2016-2183, CVE-2023-30608,CVE-2024-21094 added as remediated since the initial release

3.0

2025-03-24

Major update, remediation content:
CVE-2020-11023 added as remediated since the initial release

 

相關資訊

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免責聲明

受影響的產品

PowerFlex rack
文章屬性
文章編號: 000259564
文章類型: Dell Security Advisory
上次修改時間: 24 3月 2025
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。