DSA-2021-287: Dell EMC SRS Policy Manager Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

Table of Contents

Detailed Article

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell EMC SRS Policy Manager remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible in light of the critical severity of the vulnerability. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Third-party Component	CVEs	More information
Apache Log4j	CVE-2021-44228	Apache Log4j Remote Code Execution
	CVE-2021-45046
	CVE-2021-45105

Third-party Component	CVEs	More information
Apache Log4j	CVE-2021-44228	Apache Log4j Remote Code Execution
	CVE-2021-45046
	CVE-2021-45105

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product	Affected Version	Updated Versions	Link to Update
SRS Policy Manager	7.0	7.1	https://www.dell.com/support/home/en-us/product-support/product/emc-secure-remote-services/drivers

Note: Versions 6.6 and 6.8 are not impacted.

Product	Affected Version	Updated Versions	Link to Update
SRS Policy Manager	7.0	7.1	https://www.dell.com/support/home/en-us/product-support/product/emc-secure-remote-services/drivers

Note: Versions 6.6 and 6.8 are not impacted.

Workarounds & Mitigations

See KB article 194537: SRS Policy Manager 7.0 - remediation for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105) (Acess to this article requires log in to Dell Support.)

Revision History

Revision	Date	Description
1.0	2021-12-15	Initial Release
1.1	2021-12-21	Version Updated
1.2	2022-02-02	Added link to workaround at the request of Champion and Customer Support

Related Information

Legal Disclaimer

Affected Products

EMC Secure Remote Services, Secure Remote Services, Secure Remote Services Virtual Edition, Product Security Information

Article Number: 000194544

Article Type: Dell Security Advisory

Last Modified: 02 Feb 2022

Check if your device is covered by Support Services.

DSA-2021-287: Dell EMC SRS Policy Manager Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services

Welcome

Welcome to Dell

DSA-2021-287: Dell EMC SRS Policy Manager Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

Detailed Article

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Info

Legal Disclaimer

Affected Products

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services