All, Information from our engineering team below/.
“Dell is reviewing the recent vulnerability disclosure in the Apache Log4j library to assess both our corporate network and our offerings. The security of our products and network is a top priority and critical to protecting our customers. We will communicate any security updates or mitigations, if necessary, at https://www.dell.com/support/security as they become available.”
Amazed that there is no consolidated response to this issue yet. Support states currently that iDRAC is unaffected but will not provide access to the text of the KB article with the statement "I understand the importance of the knowledge article, Our Senior engineer team is working diligently to find solutions, I would get back to you with the information as soon as possible."
I cannot wrap my head around how access to the "hey, are my systems going to be pwned by anyone who cares to" KB article is a "senior engineering team" issue, but that's the current guidance.
I just got off a long support call with Dell. I was concerned about iDRAC and Open Manage - we don't use other Dell products. My tech support guy was informed by engineering that iDRAC is not affected. Open Manage Server is not affected. Open Manage Enterprise is affected, and a patch is expected to come out no sooner than Dec 17. The reason why my business account can't access the KB is unknown. He recommended contacting our Account Manager, although unfortunately he's out of office for a week.
My tech support guy was informed by engineering that iDRAC is not affected.
I got the same answer about iDRAC but they've also said SupportAssist Enterprise IS vulnerable, and iDRAC9 has some derivative of SupportAssist Enterprise built in. Not sure how these two datapoints square. My open support case sent me some KB article about how to get access to KB articles which was entirely unhelpful.
Same problem here. Spent an hour trying different ways to get to the KB article. Very frustrating. However, I was able to login using my boss' account and pull up the article. I have a Premier account with a whole bunch of computers and network devices registered. Yet I don't have the permission to view something that should have been public informaiton. How stupid is that!