Dell EMC Updates
2448Warning Date
Severity Level
Warning Number
Target Sector
19 April, 2020
● Critical
2020-1156
All
Description:
DELL EMC has released security updates to address several vulnerabilities in the following products:
- Dell EMC Enterprise Hybrid Cloud
- 4.1.2
- Dell EMC Integrated Data Protection Appliance
- 2.0
- 2.1
- 2.2
- 2.3
- 2.4
- 2.5
- Dell EMC VxFlex OS
- prior to 3.0.1.1
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Sensitive information disclosure
- Take control of the web content
- Denial of Service (DoS)
- Man in the Middle (MitM)
Best practice and Recommendations:
The CERT team encourages users to review DELL EMC security advisory and apply the necessary updates:
- https://www.dell.com/support/security/en-us/details/542855/DSA-2020-104-Dell-EMC-Enterprise-Hybrid-Cloud-security-update-for-vCenter-Server-vulnerability
- https://www.dell.com/support/security/en-us/details/542863/DSA-2020-076-Dell-EMC-Integrated-Data-Protection-Appliance-Security-Update-for-Apache-Tomcat-Ghos
- https://www.dell.com/support/security/en-us/details/542888/DSA-2020-107-Dell-EMC-VxFlex-OS-Security-Update-for-ESX-VCenter-Vulnerabilities