Article Number: 000199942
High
Component | CVEs | More Information |
PowerFlex components using OpenSSL | CVE-2021-3711, CVE-2021-3712, CVE-2022-0778 | OpenSSL is used by PowerFlex for secure communication between its different components. |
PowerFlex Gateway using Spring4Shell | CVE-2022-22965 | Spring article: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement |
PowerFlex Presentation server and Gateway using Java or OpenJDK | CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296 | Oracle article: https://www.oracle.com/security-alerts/cpujan2022.html#AppendixJAVA |
PowerFlex Custom node R6525 | CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350 | Dell article: https://www.dell.com/support/kbdoc/en-vn/000199269/dsa-2022-126-dell-poweredge-server-security-updates-for-amd-server-vulnerabilities |
CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
CVE-2021-3711, CVE-2021-3712, CVE-2022-0778 | OpenSSL used by PowerFlex Software | PowerFlex versions before 3.6.0.4 or latest SVM patch bundle. | PowerFlex 3.6.0.4 OVA includes this updated OpenSSL package; SVM Patch bundle from August 4, 2022 | PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest OVA); SVM_OS_Patching_package_04082022.zip (for use with manual SVM upgrade). For a customer-managed operating system, upgrade to an openssl-libs-1.0.2k-24 based package; an example for CentOS 7.9: openssl-libs-1.0.2k-24.el7_9.x86_64.rpm. |
CVE-2022-22965 | PowerFlex Software | PowerFlex versions before 3.6.0.4 or 3.5.1.6 | PowerFlex 3.6.0.4; PowerFlex 3.5.1.6 and later versions | PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest PowerFlex Gateway rpm); PowerFlex_3.5.1.6_110_Complete_Software.zip (with latest PowerFlex Gateway rpm) |
CVE-2021-21248, CVE-2021-21282, CVE-2021-21283, CVE-2021-21293, CVE-2021-21294, CVE-2021-21296 | PowerFlex Software | PowerFlex versions before 3.6.0.4 | PowerFlex 3.6.0.4 and later versions | PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest OVA). For a customer-managed operating system, a self-upgrade is required to a java-1.8.0-openjdk-headless-1.8.0.322 based package for the compatible operating system, or to the compatible Java version; an example for CentOS 7.9: java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9. Guidelines: Java upgrade prerequisites. |
CVE-2021-26373, CVE-2021-26339, CVE-2021-26344, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26328 | R6525 custom node | BIOS versions before 2.6.6 for AMD | AMD BIOS: 2.6.6 | Downloads (when upgrading using OME); Documents (when upgrading manually) |
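For the customer-managed operating system case in the table above, the following added example (not part of Dell's advisory) checks installed package builds against the fixed builds the advisory names. The comparison is a simplified form of rpm's version ordering, and the sample lines, the `FIXED` table layout and the function names are assumptions made for illustration.

```python
import re

# Minimum fixed builds named in the advisory for customer-managed operating
# systems, as (version, release). The dict layout is an assumption of this example.
FIXED = {
    "openssl-libs": ("1.0.2k", "24"),
    "java-1.8.0-openjdk-headless": ("1.8.0.322", ""),
}

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpm segment comparison (no epoch, '~' or '^' handling)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(rpm_lines):
    """Map each tracked package to True (at or above the fixed build) or False."""
    result = {}
    for line in rpm_lines:
        name, version, release = line.split()
        if name not in FIXED:
            continue
        min_ver, min_rel = FIXED[name]
        # Compare versions first; the release only decides when versions tie.
        order = rpmvercmp(version, min_ver) or rpmvercmp(release, min_rel)
        # If several builds of one package are installed, any old one fails it.
        result[name] = result.get(name, True) and order >= 0
    return result

# Constructed sample of: rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' <packages>
SAMPLE = [
    "openssl-libs 1.0.2k 21.el7_9",
    "java-1.8.0-openjdk-headless 1.8.0.322.b06 1.el7_9",
]

if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE).items():
        print(f"{pkg}: {'fixed' if ok else 'needs upgrade'}")
```
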
Revision | Date | Description |
1.0 | 2022-05-02 | Initial Draft for review |
2.0 | 2022-05-03 | Clarified some OpenSSL upgrade info |
3.0 | 2022-05-06 | Updated CVEs for AMD issue based on new AMD-SN |
PowerFlex custom node, PowerFlex custom node, PowerFlex custom node R650, PowerFlex custom node R6525
Product Security Information
30 Nov 2022
Dell Security Advisory