Please note: This website includes an accessibility system. Press Control-F11 to adjust the website to the visually impaired who are using a screen reader; Press Control-F10 to open an accessibility menu.

Apache Log4j Vulnerability

Apache Log4j Vulnerability

Apache Log4j Vulnerability

Lenovo Security Advisory: LEN-76573

Potential Impact: Remote code execution, denial of service

Severity: Critical

Scope of Impact: Industry-wide

CVE Identifier: CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, CVE-2021-44832

Summary Description:

Lenovo is aware of the industry-wide security issues, CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105, and CVE-2021-44832, with Apache Log4j used on a wide range of internet-connected products.

Log4j v1.x is vulnerable to a variant of CVE-2021-44228, identified as CVE-2021-4104. This Log4j v1.x variant his different exposure, exploitability, and severity than the initial Log4j v2.x vulnerability. Log4j v1.x is not reported to be vulnerable to CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, or CVE-2021-44832.
Log4j v2.x is vulnerable to CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. Log4j v2.x is not reported to be vulnerable to CVE-2021-4104.

 

Mitigation Strategy for Customers (what you should do to protect yourself):

See the Product Impact section below for Affected components and their fix versions or mitigation guidance as well as a list of Not Affected components (not exhaustive).

 

Product Impact:

To download the version specified for your product below, follow these steps:

Navigate to the Drivers & Software support site for your product:

  1. Search for your product by name or machine type.
  2. Click Drivers & Software on the left menu panel.
  3. Click on Manual Update to browse by Component type.
  4. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.

Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:

PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759

Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center

 

Click below links to view affected components:

Networking Switches

Software

Storage

ThinkAgile

ThinkServer

ThinkStation

ThinkSystem

 

Click here for a list of Not Affected components

 

References:

https://logging.apache.org/log4j/2.x/security.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

https://access.redhat.com/security/vulnerabilities/RHSB-2021-009

https://security-tracker.debian.org/tracker/CVE-2021-44228

Nutanix advisory - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf

NetApp advisories

 

Revision History:

Revision

Date

Description

26 2023-06-14 Corrected CVE typo "CVE-2021-4510" to "CVE-2021-45105"
25 2022-02-07 Updated Storage, ThinkAgile
24 2022-02-02 Updated Not Affected
23 2022-01-26 Updated System x
22 2022-01-19 Updated Not Affected, System x, ThinkAgile
21 2022-01-14 Updated ThinkAgile
20 2022-01-12 Updated Summary Description, Mitigation Strategy, Not Affected
19 2022-01-11 Updated Not Affected
18 2022-01-10 Updated Not Affected,Network Switches, Storage, System x
17 2022-01-07 Updated Software
16 2022-01-06 Updated Not Affected, System x
15 2022-01-05 Updated Software, ThinkStation
14 2022-01-04 Updated Software, ThinkStation, ThinkSystem
13 2021-12-29 Updated Summary Description and Product Impact with CVE-2021-44832
12 2021-12-22 Updated Not Affected and References
11 2021-12-21 Updated Summary Description with clarity around log4j 1.x and 2.x. Updated Storage, System x
10 2021-12-20 Added CVE-2021-4104 and updated Product Impact - Software, Storage, System x, ThinkAgile, Not Affected
9 2021-12-19 Added CVE-2021-45105 and updated Product Impact to include CVE-2021-45105
8 2021-12-17 Updated Product Impact section - Networking Switches, Software, Storage, Not Affected
7 2021-12-16 Updated Product Impact section to include target availability for fixes
6 2021-12-15 Updated Product Impact section
5 2021-12-14 Removed Java version reference for LXCA and LXCI for VMware vCenter
4 2021-12-14 Updated Product Impact section
3 2021-12-13 Updated Product Impact section
2 2021-12-13 Added Mitigation Strategy, References, and Product Impact sections
1 2021-12-13 Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

 

Product Impact:

Affected

Please note that the Components listed below are affected. Products listed below are not affected if they are not utilizing the vulnerable Component.

 

Networking Switches

Product Component CVE-2021-44228, CVE-2021-45046 CVE-2021-45105 CVE-2021-44832
Lenovo - B300 FC SAN Switch Brocade BNA and SANnav https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1651 Not Affected Not Affected
Lenovo - B6505 FC SAN Switch Brocade BNA and SANnav https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1651 Not Affected Not Affected
Lenovo - B6510 FC SAN Switch Brocade BNA and SANnav https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1651 Not Affected Not Affected
Lenovo ThinkSystem DB400D FC Switch Brocade BNA and SANnav https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1651 Not Affected Not Affected
Lenovo ThinkSystem DB610S FC Switch Brocade BNA and SANnav https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1651 Not Affected Not Affected
Lenovo ThinkSystem DB620S FC Switch Brocade BNA and SANnav https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1651 Not Affected Not Affected
Lenovo ThinkSystem DB630S FC Switch Brocade BNA and SANnav https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1651 Not Affected Not Affected
Lenovo ThinkSystem DB720S FC Switch Brocade BNA and SANnav https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1651 Not Affected Not Affected
Lenovo ThinkSystem DB800D FC Switch Brocade BNA and SANnav https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1651 Not Affected Not Affected

 

Software

Product Component CVE-2021-44228, CVE-2021-45046 CVE-2021-45105 CVE-2021-44832
Lenovo DSS-G Lenovo DSS-G (only GUI affected) See https://hpc.lenovo.com/dssg/dssg-log4j.html for risk exposure, resolution and mitigations See https://hpc.lenovo.com/dssg/dssg-log4j.html for risk exposure, resolution and mitigations Not Affected
Lenovo XClarity Administrator Lenovo XClarity Administrator (LXCA) 3.4.5 Not Affected Not Affected
Lenovo XClarity Administrator Lenovo XClarity Administrator Virtual Appliance Full Image (For KVM) 3.4.5 Not Affected Not Affected
Lenovo XClarity Administrator Lenovo XClarity Administrator Virtual Appliance Full Image (For VMWare) 3.4.5 Not Affected Not Affected
Lenovo XClarity Administrator Lenovo XClarity Administrator Virtual Appliance Full Image (For Windows) 3.4.5 Not Affected Not Affected
Lenovo XClarity Energy Manager Lenovo XClarity Energy Manager (LXEM) 3.3.0 Not Affected Not Affected
Lenovo xClarity Integrator Lenovo XClarity Integrator (LXCI) for VMware vCenter 7.5.0 Not Affected Not Affected

 

Storage

Product Component CVE-2021-44228, CVE-2021-45046 CVE-2021-45105 CVE-2021-44832
DM120S (ThinkSystem) ONTAP Tools for VMware vSphere (OTV) for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected
DM120S (ThinkSystem) OnCommand Workflow Automation Linux DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM120S (ThinkSystem) OnCommand Workflow Automation Windows DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM120S (ThinkSystem) SnapCenter Plug-in for VMware DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM120S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM120S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM120S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM240N (ThinkSystem) ONTAP Tools for VMware vSphere (OTV) for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected
DM240N (ThinkSystem) SnapCenter Plug-in for VMware DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM240S (ThinkSystem) ONTAP Tools for VMware vSphere (OTV) for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected
DM240S (ThinkSystem) OnCommand Workflow Automation Linux DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM240S (ThinkSystem) OnCommand Workflow Automation Windows DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM240S (ThinkSystem) SnapCenter Plug-in for VMware DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM240S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM240S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM240S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM3000H (ThinkSystem) ONTAP Tools for VMware vSphere (OTV) for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected
DM3000H (ThinkSystem) OnCommand Workflow Automation Linux DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM3000H (ThinkSystem) OnCommand Workflow Automation Windows DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM3000H (ThinkSystem) SnapCenter Plug-in for VMware DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM3000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM3000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM3000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5000F (ThinkSystem) ONTAP Tools for VMware vSphere (OTV) for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected
DM5000F (ThinkSystem) OnCommand Workflow Automation Linux DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5000F (ThinkSystem) OnCommand Workflow Automation Windows DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5000F (ThinkSystem) SnapCenter Plug-in for VMware DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5000F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5000F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5000F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5000H (ThinkSystem) ONTAP Tools for VMware vSphere (OTV) for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected
DM5000H (ThinkSystem) OnCommand Workflow Automation Linux DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5000H (ThinkSystem) OnCommand Workflow Automation Windows DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5000H (ThinkSystem) SnapCenter Plug-in for VMware DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5100F (ThinkSystem) ONTAP Tools for VMware vSphere (OTV) for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected
DM5100F (ThinkSystem) OnCommand Workflow Automation Linux DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5100F (ThinkSystem) OnCommand Workflow Automation Windows DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5100F (ThinkSystem) SnapCenter Plug-in for VMware DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5100F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5100F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM5100F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM600S (ThinkSystem) ONTAP Tools for VMware vSphere (OTV) for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected
DM600S (ThinkSystem) OnCommand Workflow Automation Linux DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM600S (ThinkSystem) OnCommand Workflow Automation Windows DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM600S (ThinkSystem) SnapCenter Plug-in for VMware DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM600S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM600S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM600S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7000F (ThinkSystem) ONTAP Tools for VMware vSphere (OTV) for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected
DM7000F (ThinkSystem) OnCommand Workflow Automation Linux DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7000F (ThinkSystem) OnCommand Workflow Automation Windows DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7000F (ThinkSystem) SnapCenter Plug-in for VMware DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7000F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7000F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7000F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7000H (ThinkSystem) ONTAP Tools for VMware vSphere (OTV) for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected
DM7000H (ThinkSystem) OnCommand Workflow Automation Linux DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7000H (ThinkSystem) OnCommand Workflow Automation Windows DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7000H (ThinkSystem) SnapCenter Plug-in for VMware DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7100F (ThinkSystem) ONTAP Tools for VMware vSphere (OTV) for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected
DM7100F (ThinkSystem) OnCommand Workflow Automation Linux DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7100F (ThinkSystem) OnCommand Workflow Automation Windows DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7100F (ThinkSystem) SnapCenter Plug-in for VMware DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7100F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7100F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7100F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7100H (ThinkSystem) ONTAP Tools for VMware vSphere (OTV) for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected
DM7100H (ThinkSystem) OnCommand Workflow Automation Linux DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7100H (ThinkSystem) OnCommand Workflow Automation Windows DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7100H (ThinkSystem) SnapCenter Plug-in for VMware DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7100H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7100H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected
DM7100H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series https://datacentersupport.lenovo.com/us/en/solutions/ht513178 Not Affected Not Affected

 

System x

Product Component CVE-2021-4104 (log4j 1.x) CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832 (log4j 2.x)
Compute Node - nx360 M5 (NeXtScale) MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - nx360 M5 (NeXtScale) MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - nx360 M5 water-cooled (NeXtScale) MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - x240 (Flex) MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - x240 (Flex) MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - x240 M5 (Flex) MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - x240 M5 (Flex) MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - x280 X6 (Flex) MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - x280 X6 (Flex) MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - x440 (Flex) MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - x440 (Flex) MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - x480 X6 (Flex) MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - x480 X6 (Flex) MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - x880 X6 (Flex) MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
Compute Node - x880 X6 (Flex) MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected
System x3500 M5 MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
System x3500 M5 MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected
System x3550 M5 MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
System x3550 M5 MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected
System x3650 M5 MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
System x3650 M5 MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected
System x3750 M4 MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
System x3750 M4 MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected
System x3850 X6 MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
System x3850 X6 MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected
System x3950 X6 MegaRAID Storage Manager for Linux - Lenovo x86 Servers 17.05.06.00-0 Not Affected
System x3950 X6 MegaRAID Storage Manager for Microsoft Windows - Lenovo x86 Servers 17.05.06.00-0 Not Affected

 

ThinkAgile

Product Component CVE-2021-44228, CVE-2021-45046 CVE-2021-45105 CVE-2021-44832
CP4000 (ThinkAgile) ThinkAgile CP-Management Web Console All ThinkAgileCP customers have been updated All ThinkAgileCP customers have been updated All ThinkAgileCP customers have been updated
CP6000 (ThinkAgile) ThinkAgile CP-Management Web Console All ThinkAgileCP customers have been updated All ThinkAgileCP customers have been updated All ThinkAgileCP customers have been updated
SAP Solutions ThinkAgile HX - VMware Components https://www.vmware.com/security/advisories/VMSA-2021-0028.html Not Affected Not Affected
SAP Solutions ThinkAgile VX - VMware Components https://www.vmware.com/security/advisories/VMSA-2021-0028.html Not Affected Not Affected
ThinkAgile HX VMware Components https://www.vmware.com/security/advisories/VMSA-2021-0028.html Not Affected Not Affected
ThinkAgile VX VMware Components https://www.vmware.com/security/advisories/VMSA-2021-0028.html Not Affected Not Affected

 

ThinkStation

Product Component CVE-2021-44228, CVE-2021-45046 CVE-2021-45105 CVE-2021-44832
P920 Rack Workstation (ThinkStation) Lenovo XClarity Energy Manager (LXEM) 3.3.0 Not Affected Not Affected

 

ThinkSystem

Product Component CVE-2021-44228, CVE-2021-45046 CVE-2021-45105 CVE-2021-44832
SR530 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
SR530 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
SR530 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
SR550 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
SR550 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
SR550 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
SR570 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
SR570 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
SR570 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
SR590 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
SR590 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
SR590 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
SR630 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
SR630 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
SR630 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
SR630 V2 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
SR630 V2 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
SR630 V2 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
SR645 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
SR645 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
SR645 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
SR650 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
SR650 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
SR650 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
SR650 V2 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
SR650 V2 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
SR650 V2 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
SR665 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
SR665 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
SR665 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
SR850 V2 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
SR850 V2 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
SR850 V2 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
SR860 V2 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
SR860 V2 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
SR860 V2 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
ST550 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
ST550 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
ST550 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected
ST558 (ThinkSystem) storman command line tool (For Linux) 24713 Not Affected Not Affected
ST558 (ThinkSystem) storman command line tool (For VMWare) 24713 Not Affected Not Affected
ST558 (ThinkSystem) storman command line tool (For Windows) 24713 Not Affected Not Affected

 

Not Affected

Any 5594 UPS unit

Any 5595 UPS unit

BIOS/UEFI

Chassis Management Module 2 (CMM)

Commercial Vantage

Confluent

Core OEM (for Zoom/Teams/Partner solutions)Eaton UPS Network Management Card (NMC)

Embedded System Management Java-based KVM clients

Fan Power Controller (FPC)

Fan Power Controller2 (FPC2)

Google Series One Kits (Small, Medium, Large)IBM Advanced Management Module (AMM)

IBM LCM8 Local Console Managers, 1754-A1X

IBM LCM16 Local Console Managers, 1754-A2X

IBM GCM16 Global Console Managers, 1754-D1X

IBM GCM32 Global Console Managers, 1754-D2X

Integrated Management Module II (IMM2)

Lenovo and IBM V-series Storage (including V1, Storwize, and V2)

Lenovo Cloud Deploy

Lenovo Device Intelligence (LDI)

Lenovo Dock Manager

Lenovo Dynamic System Analysis (DSA)

Lenovo LCM8 Local Console Managers, 1754-A1X

Lenovo LCM16 Local Console Managers, 1754-A2X

Lenovo GCM16 Global Console Managers, 1754-D1X

Lenovo GCM32 Global Console Managers, 1754-D2X

Lenovo Migration Assistant

Lenovo Patch for MEM

Lenovo SAP Solutions - Components other than ThinkAgile VX

Lenovo Scaling Utility

Lenovo System Update

Lenovo Thin Installer

Lenovo Thinclient Manager (LTM)

Lenovo ThinkSystem Digital 2x1x16 KVM Switch, 1754-D1T

Lenovo Update Retriever

Lenovo UPS Network Management Card, p/n 46M4110

Lenovo UPS Power Manager for Virtual Appliances, any release

Lenovo UPS Power Manager for Microsoft Windows, any release

Lenovo UPS Power Protector for Linux, any release

Lenovo UPS Power Protector for Microsoft Windows

Lenovo Vantage

Lenovo XClarity Orchestrator (LXCO)

Lenovo XClarity Mobile (LXCM) (Android and IOS)

Lenovo XClarity Integrator (LXCI) for Windows Admin Center

Lenovo XClarity Integrator (LXCI) for Microsoft System Center

Lenovo XClarity Integrator (LXCI) for ServiceNow

Lenovo XClarity Integrator (LXCI) for Nagios

Lenovo XClarity Integrator (LXCI) for Microsoft Azure Analytics

Lenovo XClarity Controller (XCC)

Lenovo XClarity Essentials (LXCE)

Lenovo XClarity Provisioning Manager (LXPM)

LeTOS

LSI Storage Authority

MegaCLI

Network Switches running

  • Lenovo CNOS
  • Lenovo ENOS
  • IBM ENOS
  • Brocade FOS

StorCLI

Switched and Monitored PDUs

  • 1U 9 C19/3 C13 Switched and Monitored DPI PDU, 46M4002
  • 1U 9 C19/3 C13 Switched and Monitored 60A 3-phase PDU, 46M4003
  • 1U 12 C13 Switched and Monitored DPI PDU, 46M4004
  • 1U 12 C13 Switched and Monitored 60A 3-phase PDU, 46M4005

System Management Module (SMM)

System Management Module 2 (SMM2)

ThinkAgile HX

  • Nutanix Components Not Affected - See Nutanix advisory listed under References section
  • Hardware Not Affected

ThinkAgile VX

  • Hardware Not Affected

ThinkShield Edge Mobile Management (Android and IOS)

ThinkSmart Hub500

ThinkSmart Hub60/HubG2

ThinkSmart Core (Core + Controller and Core Full Room Kit)

ThinkSmart View

ThinkSmart Cam

ThinkSmart Bar and BarXL

ThinkSmart Manager (and associated iOS and Android mobile apps)

ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T

ThinkSystem DE Series Storage - See NetApp advisories listed under References section

ThinkSystem DM Series Storage - See NetApp advisories listed under References section

ThinkSystem DS Series Storage

ThinkSystem Manager (TSM)

TET M920Q (for Zoom/Teams/Partner solutions)

Vertiv rPDUs for Lenovo

View for Zoom


Alias Id:LEN-76573
Document ID:PS500457
Original Publish Date:12/13/2021
Last Modified Date:06/14/2023