Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000189204

DSA-2021-139: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

Summary: Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

Medium

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21589 Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user may potentially exploit this vulnerability to escalate privileges. 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
CVE-2021-21590 Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21591 Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
 
Third-party Component CVEs More Information
apache2 CVE-2019-9517 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
apache2-mod_jk CVE-2018-11759
bind CVE-2020-8625
CVE-2019-6465
CVE-2018-5745
CVE-2018-5743
CVE-2018-5740
Dell BSAFE™ Micro Edition Suite CVE-2020-1968
cpio CVE-2019-14866
cronie CVE-2019-9705
CVE-2019-9704
curl CVE-2020-8177
dnsmasq CVE-2019-14834
CVE-2017-15107
docker CVE-2019-13139
e2fsprogs CVE-2019-5188
elfutils CVE-2019-7665
CVE-2019-7150
CVE-2018-18521
CVE-2018-18520
CVE-2018-18310
CVE-2018-16403
CVE-2018-16062
CVE-2017-7613
CVE-2017-7612
CVE-2017-7611
CVE-2017-7610
CVE-2017-7608
CVE-2017-7607
expat CVE-2019-15903
CVE-2018-20843
gdb CVE-2019-1010180
gnutls CVE-2018-16868
gpg2 CVE-2019-13050
ipmitool CVE-2020-5208
Javascript library (Bootstrap) CVE-2019-8331
Javascript library (jQuery) CVE-2019-11358
CVE-2015-9251
Javascript library (Sencha Ext) CVE-2018-8046
krb5 CVE-2018-5730
CVE-2018-5729
libfreetype6 CVE-2020-15999
libfuse2 CVE-2018-10906
libmspack0 CVE-2018-18585
CVE-2018-18584
libproxy CVE-2020-26154
CVE-2020-25219
libqb CVE-2019-12779
libseccomp CVE-2019-9893
libtasn1 CVE-2018-1000654
libX11 CVE-2020-14344
CVE-2018-14600
CVE-2018-14599
CVE-2018-14598
libxml2 CVE-2018-14567
CVE-2018-14404
CVE-2018-9251
libxslt CVE-2019-11068
Mesa CVE-2019-5068
mozilla-nspr, mozilla-nss CVE-2019-17006
CVE-2019-11745
CVE-2018-18508
ncurses CVE-2019-17595
CVE-2019-17594
openldap2 CVE-2020-25692
CVE-2019-13565
CVE-2019-13057
CVE-2017-17740
openssl CVE-2020-1971
CVE-2020-1968
perl CVE-2020-12723
CVE-2020-10878
CVE-2020-10543
CVE-2018-18312
perl-DBI CVE-2019-20919
permissions CVE-2019-3690
CVE-2019-3688
postgresql10, libpq5 CVE-2020-1720
python CVE-2020-26116
CVE-2019-20907
CVE-2008-3144
CVE-2008-3143
CVE-2008-3142
screen CVE-2021-26937
sudo CVE-2021-23239
CVE-2019-18634
systemd CVE-2019-20386
CVE-2019-3842
CVE-2018-15688
tar CVE-2019-9923
CVE-2018-20482
tiff CVE-2019-7663
CVE-2019-6128
CVE-2018-19210
CVE-2018-17000
unzip CVE-2018-18384
vim CVE-2019-20807
wicked CVE-2020-7217
CVE-2020-7216
CVE-2019-18903
CVE-2019-18902
xerces-c CVE-2017-12627
zmq CVE-2020-15166
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21589 Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user may potentially exploit this vulnerability to escalate privileges. 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
CVE-2021-21590 Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21591 Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
 
Third-party Component CVEs More Information
apache2 CVE-2019-9517 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
apache2-mod_jk CVE-2018-11759
bind CVE-2020-8625
CVE-2019-6465
CVE-2018-5745
CVE-2018-5743
CVE-2018-5740
Dell BSAFE™ Micro Edition Suite CVE-2020-1968
cpio CVE-2019-14866
cronie CVE-2019-9705
CVE-2019-9704
curl CVE-2020-8177
dnsmasq CVE-2019-14834
CVE-2017-15107
docker CVE-2019-13139
e2fsprogs CVE-2019-5188
elfutils CVE-2019-7665
CVE-2019-7150
CVE-2018-18521
CVE-2018-18520
CVE-2018-18310
CVE-2018-16403
CVE-2018-16062
CVE-2017-7613
CVE-2017-7612
CVE-2017-7611
CVE-2017-7610
CVE-2017-7608
CVE-2017-7607
expat CVE-2019-15903
CVE-2018-20843
gdb CVE-2019-1010180
gnutls CVE-2018-16868
gpg2 CVE-2019-13050
ipmitool CVE-2020-5208
Javascript library (Bootstrap) CVE-2019-8331
Javascript library (jQuery) CVE-2019-11358
CVE-2015-9251
Javascript library (Sencha Ext) CVE-2018-8046
krb5 CVE-2018-5730
CVE-2018-5729
libfreetype6 CVE-2020-15999
libfuse2 CVE-2018-10906
libmspack0 CVE-2018-18585
CVE-2018-18584
libproxy CVE-2020-26154
CVE-2020-25219
libqb CVE-2019-12779
libseccomp CVE-2019-9893
libtasn1 CVE-2018-1000654
libX11 CVE-2020-14344
CVE-2018-14600
CVE-2018-14599
CVE-2018-14598
libxml2 CVE-2018-14567
CVE-2018-14404
CVE-2018-9251
libxslt CVE-2019-11068
Mesa CVE-2019-5068
mozilla-nspr, mozilla-nss CVE-2019-17006
CVE-2019-11745
CVE-2018-18508
ncurses CVE-2019-17595
CVE-2019-17594
openldap2 CVE-2020-25692
CVE-2019-13565
CVE-2019-13057
CVE-2017-17740
openssl CVE-2020-1971
CVE-2020-1968
perl CVE-2020-12723
CVE-2020-10878
CVE-2020-10543
CVE-2018-18312
perl-DBI CVE-2019-20919
permissions CVE-2019-3690
CVE-2019-3688
postgresql10, libpq5 CVE-2020-1720
python CVE-2020-26116
CVE-2019-20907
CVE-2008-3144
CVE-2008-3143
CVE-2008-3142
screen CVE-2021-26937
sudo CVE-2021-23239
CVE-2019-18634
systemd CVE-2019-20386
CVE-2019-3842
CVE-2018-15688
tar CVE-2019-9923
CVE-2018-20482
tiff CVE-2019-7663
CVE-2019-6128
CVE-2018-19210
CVE-2018-17000
unzip CVE-2018-18384
vim CVE-2019-20807
wicked CVE-2020-7217
CVE-2020-7216
CVE-2019-18903
CVE-2019-18902
xerces-c CVE-2017-12627
zmq CVE-2020-15166
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed Products Affected Versions Updated Version Link to Update
All the above Dell EMC Unity Operating Environment (OE) Before 5.1.0.0.5.394 5.1.0.0.5.394 https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers
Dell EMC Unity XT Operating Environment (OE) Before 5.1.0.0.5.394 5.1.0.0.5.394
Dell EMC UnityVSA Operating Environment (OE) Before 5.1.0.0.5.394 5.1.0.0.5.394
CVEs Addressed Products Affected Versions Updated Version Link to Update
All the above Dell EMC Unity Operating Environment (OE) Before 5.1.0.0.5.394 5.1.0.0.5.394 https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers
Dell EMC Unity XT Operating Environment (OE) Before 5.1.0.0.5.394 5.1.0.0.5.394
Dell EMC UnityVSA Operating Environment (OE) Before 5.1.0.0.5.394 5.1.0.0.5.394

Revision History

RevisionDateMore Information
1.02021-07-01Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product
Product Security Information, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity XT 480, Dell EMC Unity XT 480F , Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F ...
Last Published Date

01 Jul 2021

Article Type

Dell Security Advisory

Back to Top