Dell EMC Security Advisory February 22, 2018

Dell EMC Security Advisories

All Dell EMC Products - Current Year

The “All EMC Products Current Year - Customer ESA List” is a summary of all published Dell EMC Security
Advisories (DSAs).

A DSA provides notification when:

• A Dell EMC product is impacted by a security vulnerability and a remedy that must be applied by
customers is available from Dell EMC.
• Security relevant information or a work-around is required for customers to be able to adequately
protect themselves from attack by malicious parties.
• Dell EMC wants to inform customers about a new or updated recommendation on security best
practices.

Below is a list of all security advisories for 2018. To subscribe to a product specific Dell EMC Advisory, log onto
SupportZone and navigate to https://support.emc.com/preferences/subscriptions/advisories. Select the
products for which you would like to subscribe. For RSA Advisories, log onto https://knowledge.rsasecurity.com.
From the right side banner, under ‘Security Advisory Center’, select ‘Subscribe to Notes & Advisories’. Select
the products for which you would like to subscribe and click ‘submit’. For a list of all prior year DSA’s, please
use the following link in SupportZone: https://support.emc.com/search/?text=docu45184.

Latest updates are highlighted in RED. Active link(s) highlighted in BLUE.

Dell EMC
Article ID Dell EMC Security Advisory Identifier(s) CVE (s) Date
518121 DSA-2018-041: Dell EMC Virtual Storage DSA-2018-041 See Advisory 21-Feb-2018
Integrator for VMware vSphere Security
Update for Multiprocessor Side-Channel
Analysis Attacks (Meltdown and Spectre)
518084 DSA-2018-031: Dell EMC Cloud Tiering DSA-2018-031 See Advisory 21-Feb-2018
Appliance Security Update for Multiple
Vulnerabilities in Third Party

517851 DSA-2018-039: Dell EMC Enterprise Hybrid DSA-2018-039 See Advisory 19-Feb-2018
Cloud Security Update for embedded Dell EMC
ScaleIO

517849 DSA-2018-019: Dell EMC Enterprise Hybrid DSA-2018-019 See Advisory 19-Feb-2018
Cloud Security Update for embedded Dell EMC
Data Domain

517847 DSA-2018-036: Dell EMC RecoverPoint DSA-2018-036 See Advisory 19-Feb-2018

Security Update for Oracle JRE

1
 Dell EMC Security Advisory February 22, 2018

Dell EMC
Article ID Dell EMC Security Advisory Identifier(s) CVE (s) Date
517702 DSA-2018-016: Dell EMC NetWorker vProxy DSA-2018-016 See Advisory 14-Feb-2018
Security Update for Linux Kernel
Vulnerabilities

RSA Link DSA-2018-027: RSA Security Analytics Security DSA-2018-027 See Advisory 13-Feb-2018
Update for multiple embedded component
vulnerabilities

RSA Link DSA-2018-026 RSA® Authentication Manager DSA-2018-026 See Advisory 12-Feb-2018
Security Update for Vulnerabilities in Apache
Struts

517610 DSA-2018-030: Dell EMC Atmos Security DSA-2018-030 See Advisory 12-Feb-2018
Update for SUSE Linux Enterprise Server
components

517504 DSA-2018-032: Dell EMC ESRS-Virtual DSA-2018-032 See Advisory 08-Feb-2018

Edition Security Update for Multiple
Embedded Component Vulnerabilities

517448 DSA-2018-029: EMC ESRS-Virtual Edition DSA-2018-029 See Advisory 07-Feb-2018

Security Update for Multiprocessor Side-
Channel Analysis Attacks (Meltdown and
Spectre)
517409 DSA-2018-024: Dell EMC VMAX Virtual DSA-2018-024 See Advisory 06-Feb-2018
Appliance (vApp) Manager Multiple
Vulnerabilities
517396 DSA-2018-021: Dell EMC NetWorker Security DSA-2018-021 CVE-2017-7679 06-Feb-2018
Update for Apache HTTP

517391 DSA-2018-020: Dell EMC Data Protection DSA-2018-020 CVE-2018-1206 06-Feb-2018

Advisor Hardcoded Password Vulnerability

517389 DSA-2018-010: Dell EMC Avamar Security DSA-2018-010 See Advisory 06-Feb-2018
Update for Jackson-Databind Vulnerabilities

517328 DSA-2018-022: Dell EMC Unisphere for VMAX DSA-2018-022 See Advisory 05-Feb-2018
Virtual Appliance, Dell EMC VASA Virtual
Appliance, Dell EMC Solutions Enabler Virtual
517321 DSA-2018-028: Dell EMC Connectrix B-Series DSA-2018-028 CVE-2017-6225 05-Feb-2018
Fabric OS Multiple Cross-Site Scripting
Vulnerabilities

2
 Dell EMC Security Advisory February 22, 2018

Dell EMC
Article ID Dell EMC Security Advisory Identifier(s) CVE (s) Date
517320 DSA-2018-017: DELL EMC ViPR SRM and DSA-2018-017 See Advisory 05-Feb-2018
Dell EMC Storage M&R Security Update for
Multiple Embedded Component Vulnerabilities
517318 DSA-2018-008: DELL EMC Cloud Tiering DSA-2018-008 See Advisory 05-Feb-2018
Appliance Security Update for Multiple
Vulnerabilities in Embedded Components
516831 ESA-2018-015: EMC RecoverPoint Command ESA-2018-015 See Advisory 23-Jan-2018
Injection Vulnerabilities

516692 ESA-2018-014: EMC ESRS-Virtual Edition ESA-2018-014 See Advisory 22-Jan-2018

Security Update for Multiple Embedded
Component Vulnerabilities
RSA Link ESA-2018-003: RSA® Authentication Manager ESA-2018-003 See Advisory 17-Jan-2018
Security Update for Oracle WebLogic
Vulnerabilities
RSA Link ESA-2018-002: RSA® Authentication Manager ESA-2018-002 CVE-2017-15546 17-Jan-2018
SQL Injection Vulnerability

516514 ESA-2018-006: EMC Data Protection Advisor ESA-2018-006 See Advisory 15-Jan-2018
Security Update for Oracle Java Runtime
Environment (JRE) Vulnerabilities
516422 ESA-2018-012: EMC ViPR Controller Security ESA-2018-012 See Advisory 11-Jan-2018
Update for Multiple Security Vulnerabilities

RSA Link ESA-2018-004: RSA Validation Manager ESA-2018-004 See Advisory 05-Jan-2018
Security Update for RSA® BSAFE MES

516140 ESA-2018-007: EMC ESRS Virtual Edition ESA-2018-007 See Advisory 04-Jan-2018
Security Update for Linux Kernel

516138 ESA-2018-009: EMC CloudArray Security ESA-2018-009 See Advisory 04-Jan-2018

Update for Samba Vulnerabilities

515814 ESA-2018-001: EMC Avamar Server, ESA-2018-001 See Advisory 03-Jan-2018

NetWorker Virtual Edition and Integrated Data
Protection Appliance Multiple Security
Vulnerabilities