Artikelnummer: 000194578

DSA-2021-292: Dell PowerFlex Rack Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

Zusammenfassung: Dell PowerFlex Rack remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...

Artikelinhalt

Auswirkungen

Critical

Details

Third-party Component	CVEs	More information
Apache Log4j	CVE-2021-44228	Apache Log4j Remote Code Execution
	CVE-2021-45046
	CVE-2021-45105

Third-party Component	CVEs	More information
Apache Log4j	CVE-2021-44228	Apache Log4j Remote Code Execution
	CVE-2021-45046
	CVE-2021-45105

Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Problembehebung

Affected Products and Remediation:

CVEs	Product	Affected Versions	Updated Versions	Link to update
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.5 train: Versions before 3.5.6.0 RCM 3.6 train: Versions before 3.6.2.0	RCM 3.5 train: Version 3.5.6.1 RCM 3.6 train: Versions 3.6.2.1	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.3 train: Versions before 3.3.11.0 RCM 3.4 train: Versions before 3.4.6.0	RCM 3.3 train: Versions 3.3.11.3 RCM 3.4 train: Versions 3.4.6.3

Affected Components in the Product:

Component	Affected Versions	Updated Versions	Link to update
Dell PowerFlex Presentation Server	3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2	Versions 3.6.0.3 and 3.5.1.5	PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272
Dell PowerFlex Manager	3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0	Version 3.8.0 (Build Number 3.8.0-8187)	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
VMware vCenter Server Appliance	6.5, 6.7, and 7.0	VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

Affected Products and Remediation:

CVEs	Product	Affected Versions	Updated Versions	Link to update
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.5 train: Versions before 3.5.6.0 RCM 3.6 train: Versions before 3.6.2.0	RCM 3.5 train: Version 3.5.6.1 RCM 3.6 train: Versions 3.6.2.1	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	PowerFlex Rack	RCM 3.3 train: Versions before 3.3.11.0 RCM 3.4 train: Versions before 3.4.6.0	RCM 3.3 train: Versions 3.3.11.3 RCM 3.4 train: Versions 3.4.6.3

Affected Components in the Product:

Component	Affected Versions	Updated Versions	Link to update
Dell PowerFlex Presentation Server	3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4 3.6, 3.6.0.1, and 3.6.0.2	Versions 3.6.0.3 and 3.5.1.5	PowerFlex 3.6.0.3 build 107 Complete Software PowerFlex 3.5.1.5 Build 105 Complete Software Download DSA-2021-272
Dell PowerFlex Manager	3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, and 3.8.0	Version 3.8.0 (Build Number 3.8.0-8187)	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
VMware vCenter Server Appliance	6.5, 6.7, and 7.0	VMware-VCSA-all-6.5.0-19261680 (6.5 U3s) VMware-VCSA-all-6.7 Update 3q (6.7.0 Build19300125 VMware-VCSA-all-7.0 Update 3c Build 19234570	For RCM release information: https://cicodeportal.dell.com/#/home For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

Revisionsverlauf

Revision	Date	Description
1.0	2021-12-14	Initial Release
1.1	2021-12-17	Added VMware vCenter Server Appliance workaround KB article link.
1.2	2021-12-22	Added CVE-2021-45105 and remediation guidance
1.3	2022-01-06	Added new ZIP with Log4j 2.17.1 remediation
2.0	2022-02-09	Minor update - Workarounds and Mitigations - PowerFlex Manager section
3.0	2022-02-25	Updated Affected Products and Remediation section, added links to update
4.0	2022-06-01	Update the VMware vCenter Server Appliance links to update

Zugehörige Informationen

Rechtliche Hinweise

Artikeleigenschaften

Betroffenes Produkt

PowerFlex rack

Produkt

Product Security Information, VMware vCenter Server

Letztes Veröffentlichungsdatum

01 Juni 2022

Artikeltyp

Dell Security Advisory

Zurück zum Anfang

Willkommen

Willkommen bei Dell