CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21547
https://notcve.org/view.php?id=CVE-2021-21547
Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. Dell EMC Unity, UnityVSA y Unity XT versiones anteriores a 5.0.7.0.5.008 contienen una vulnerabilidad de almacenamiento de contraseña de texto plano cuando Dell Upgrade Readiness Utility es ejecutado en el sistema. Las credenciales del Administrador de Unisphere son almacenadas en texto plano. • https://www.dell.com/support/kbdoc/000185484 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2021-21531
https://notcve.org/view.php?id=CVE-2021-21531
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions. Dell Unisphere para PowerMax versiones anteriores a 9.2.1.6, contienen una vulnerabilidad de Omisión de Autorización. Un usuario malicioso local autenticado con role de monitor puede explotar esta vulnerabilidad para llevar a cabo acciones no autorizadas. • https://www.dell.com/support/kbdoc/000184565 • CWE-602: Client-Side Enforcement of Server-Side Security CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21530
https://notcve.org/view.php?id=CVE-2021-21530
Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege. Dell OpenManage Enterprise-Modular (OME-M) versiones anteriores a 1.30.00, contiene una vulnerabilidad de omisión de seguridad. Un usuario malicioso autenticado con pocos privilegios puede explotar la vulnerabilidad para escapar del entorno restringido y conseguir acceso a información confidencial en el sistema, resultando en una divulgación de información y elevación de privilegios. • https://www.dell.com/support/kbdoc/000185205 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-21507
https://notcve.org/view.php?id=CVE-2021-21507
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. Dell EMC Networking X-Series versiones anteriores a 3.0.1.8 y Dell EMC PowerEdge VRTX Module, versiones de firrmware anteriores a 2.0.0.82, contienen una vulnerabilidad de Cifrado de Contraseña Débil. Un atacante remoto no autenticado podría explotar potencialmente esta vulnerabilidad, conllevando a una divulgación de determinadas credenciales de usuario. • https://www.dell.com/support/kbdoc/000185252 • CWE-261: Weak Encoding for Password CWE-326: Inadequate Encryption Strength •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21544
https://notcve.org/view.php?id=CVE-2021-21544
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. Dell EMC iDRAC9 versiones anteriores a 4.40.00.00, contiene una vulnerabilidad de autenticación inapropiada. Un usuario malicioso autenticado remoto con privilegios elevados podría explotar potencialmente esta vulnerabilidad para manipular el campo username en la sección comment y establecer el valor para cualquier usuario. • https://www.dell.com/support/kbdoc/000185293 • CWE-287: Improper Authentication CWE-602: Client-Side Enforcement of Server-Side Security •