Security Warnings

Classification
These posts contain security warnings, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Dell Update

247

Warning Date: 31 March, 2021

Severity Level ● Critical

Warning Number: 2021-2697

Target Sector: All

Description:

Dell EMC has released security update to address multiple vulnerabilities in the following product:

  • Dell SRM and Dell Storage Monitoring and Reporting (SMR)
    • SUSE Linux Binaries
      *Only for vApp.
    • MySQL
    • Apache Tomcat
    • Apache Struts
    • Eclipse Jetty
  • Dell PowerFlex rack kernel-default-base
    • vCenter Server
    • VMware ESXi
    • Embedded OS
    • Cisco Nexus
  • Dell PowerStore Family
    • VMware ESXi 6.7
  • Dell PowerFlex Appliance
    • vCenter Server
    • VMware ESXi
    • Embedded OS
  • Dell Networking W-Series AirWave Wireless Management Suite
    • Aruba Airwave Management System
  • Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax Embedded Management
    • Oracle
    • Spring Framework
    • OpenSSL
    • Internet Explorer 11
    • Microsoft .NET
    • Windows 10

Threats:

Attacker could exploit these vulnerabilities by doing the following:

  • Unauthorized disclosure of information
  • Buffer Overflow
  • Execute arbitrary code remotely

Best practice and Recommendations:

The CERT team encourages users to review Dell EMC security advisory and apply the necessary updates:

Last updated at 31 March, 2021