Threat Prevention

Last reply by 12-24-2021 Solved
2 Bronze

Log4J Vulnerability: Affected software?

I was wondering which, if any, Dell software is affected by the Log4j Vulnerability CVE-2021-44228? I did find an article which linked to a list of the software. However, I cannot get to the list as it simply says, "This article is permission based. Find another article.".

Solution (1)

Accepted Solutions
Moderator

All, information from our engineering team below.

“Dell is reviewing the recent vulnerability disclosure in the Apache Log4j library to assess both our corporate network and our offerings. The security of our products and network is a top priority and critical to protecting our customers. We will communicate any security updates or mitigations, if necessary, at https://www.dell.com/support/security as they become available.”

 



Replies (19)
2 Bronze

Amazed that there is no consolidated response to this issue yet.  Support states currently that iDRAC is unaffected but will not provide access to the text of the KB article with the statement "I understand the importance of the knowledge article, Our Senior engineer team is working diligently to find solutions, I would get back to you with the information as soon as possible."

I cannot wrap my head around how access to the "hey, are my systems going to be pwned by anyone who cares to" KB article is a "senior engineering team" issue, but that's the current guidance.  

2 Bronze

Same issue. I did log in with my work account but am unable to fetch a list/article for impacted products/tools like DSM and others!

same

2 Bronze

Same

2 Bronze

same

2 Bronze

Also experiencing this issue.

2 Bronze

I just got off a long support call with Dell. I was concerned about iDRAC and Open Manage - we don't use other Dell products.  My tech support guy was informed by engineering that iDRAC is not affected.  Open Manage Server is not affected.  Open Manage Enterprise is affected, and a patch is expected to come out no sooner than Dec 17.  The reason why my business account can't access the KB is unknown. He recommended contacting our Account Manager, although unfortunately he's out of office for a week.  

@CeCe19 wrote:

My tech support guy was informed by engineering that iDRAC is not affected. 

I got the same answer about iDRAC but they've also said SupportAssist Enterprise IS vulnerable, and iDRAC9 has some derivative of SupportAssist Enterprise built in.  Not sure how these two datapoints square.  My open support case sent me some KB article about how to get access to KB articles which was entirely unhelpful.

2 Bronze

Same problem here. Spent an hour trying different ways to get to the KB article. Very frustrating. However, I was able to log in using my boss' account and pull up the article. I have a Premier account with a whole bunch of computers and network devices registered. Yet I don't have the permission to view something that should have been public information. How stupid is that!
