CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36332
https://notcve.org/view.php?id=CVE-2021-36332
Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites. Dell EMC CloudLink versiones 7.1 y todas las versiones anteriores, contienen una Vulnerabilidad de Inyección de HTML y Javascript. Un atacante remoto con pocos privilegios puede explotar esta vulnerabilidad, dirigiendo al usuario final a sitios web arbitrarios y potencialmente maliciosos • https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36314
https://notcve.org/view.php?id=CVE-2021-36314
Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system. Dell EMC CloudLink versiones 7.1 y todas las versiones anteriores, contienen una Vulnerabilidad de Creación de Archivos Arbitrarios. Un atacante remoto no autenticado, puede potencialmente explotar esta vulnerabilidad, conllevando a una ejecución de archivos arbitrarios en el sistema del usuario final • https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36313
https://notcve.org/view.php?id=CVE-2021-36313
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity. • https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36312
https://notcve.org/view.php?id=CVE-2021-36312
Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system. Dell EMC CloudLink versiones 7.1 y todas las versiones anteriores, contienen una vulnerabilidad de contraseña Embebida. Un atacante remoto con altos privilegios, con el conocimiento de las credenciales codificadas, puede potencialmente explotar esta vulnerabilidad para obtener acceso no autorizado al sistema • https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app • CWE-259: Use of Hard-coded Password •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36311
https://notcve.org/view.php?id=CVE-2021-36311
Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. Dell EMC Networker versiones anteriores a la 19.5, contienen una vulnerabilidad de Autorización Inapropiada. Cualquier usuario local malicioso con privilegios de usuario de Networker puede explotar esta vulnerabilidad para cargar archivos maliciosos en ubicaciones no autorizadas y ejecutarlos • https://www.dell.com/support/kbdoc/000192419 • CWE-285: Improper Authorization •