QID 730367

Date Published: 2022-02-24

QID 730367: Dell EMC SRM Remote Code Execution (RCE) Vulnerability (DSA-2021-301)

Dell Storage Resource Manager (SRM) is a comprehensive monitoring and reporting solution that helps IT visualize, analyze and optimize today's storage infrastructure while providing a management framework that supports investments in on-prem and cloud storage infrastructure.

Dell EMC SRM uses Apache Log4j libraries as a third-party component, and those libraries are vulnerable to remote code execution.

Affected Versions:
Dell EMC SRM 4.5.0.0 and 4.5.0.1
Dell EMC SRM 4.6.0.0 and 4.6.0.1

QID Detection Logic: (Unauthenticated)
This QID checks for vulnerable versions of Dell EMC SRM by checking the HTTP response of /APG/info/about.

Successful exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code on the target system.

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 9.3 severity.

Solution:
Customers are advised to download Dell EMC SRM 4.5.0.2 or 4.6.0.2 or later to remediate these vulnerabilities. Please refer to DSA-2021-301 for more information.

CVEs related to QID 730367

Software Advisories:
Advisory ID: DSA-2021-301
Link: www.dell.com/support/kbdoc/en-in/000194613/dsa-2021-301