1 Rookie
•
2 Posts
0
34
June 24th, 2025 17:51
DELL Storage Manger - Apache Log4j 2.0 remote code execution vulnerability 2.17.0
Upon checking the current version of Dell Storage manger, version 20.1.20.48, I see that this current version has the fix for Apache Log4j 2.0 remote code execution vulnerability 2.17.0. I wanted to know if I were to delete the older version of apache Log4j that has the vulnerability ( log4j-core-2.17.0.jar & log4j-api-2.17.0.jar) this will not effect the current version that's part of the patch on Dell Storage manager build 20.1.20.48.
No Events found!
DELL-Joey C
Moderator
•
3.9K Posts
0
June 25th, 2025 00:15
Hi,
I'm not too sure if deleting the older version would not affect the updated version. Here's what I found on DSM security update procedure article that has been publish for remedy: https://www.dell.com/support/kbdoc/en-us/000194790/dsa-2021-310-storage-center-dell-storage-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046