CVE-2021-21541
https://notcve.org/view.php?id=CVE-2021-21541
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. Dell EMC iDRAC9 versiones anteriores a 4.40.00.00, contiene una vulnerabilidad de tipo cross-site scripting basada en DOM. Un atacante remoto no autenticado podría explotar potencialmente esta vulnerabilidad engañando al usuario de la aplicación víctima para que suministre un código HTML o JavaScript malicioso al entorno DOM en el navegador. • https://www.dell.com/support/kbdoc/000185293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-21540
https://notcve.org/view.php?id=CVE-2021-21540
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload. Dell EMC iDRAC9 versiones anteriores a 4.40.00.00, contiene una vulnerabilidad de desbordamiento en la región stack de la memoria. Un atacante autenticado remoto podría explotar potencialmente esta vulnerabilidad para sobrescribir la información de configuración al inyectar una carga útil arbitrariamente grande. • https://www.dell.com/support/kbdoc/000185293 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2021-21539
https://notcve.org/view.php?id=CVE-2021-21539
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface. Dell EMC iDRAC9 versiones anteriores a 4.40.00.00, contiene una vulnerabilidad de condición de carrera Time-of-check Time-of-use (TOCTOU). Un atacante autenticado remoto podría explotar potencialmente esta vulnerabilidad para alcanzar privilegios elevados cuando un usuario con privilegios más elevados accede simultáneamente a iDRAC a través de la interfaz web. • https://www.dell.com/support/kbdoc/000185293 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2020-26198
https://notcve.org/view.php?id=CVE-2020-26198
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. Dell EMC iDRAC9 versiones anteriores a 4.32.10.00 y 4.40.00.00, contienen una vulnerabilidad de tipo cross-site scripting reflejada en la aplicación web de iDRAC9. Un atacante remoto podría potencialmente explotar esta vulnerabilidad para ejecutar HTML o JavaScript maliciosos en el navegador de una víctima engañándola para que siga un enlace especialmente diseñado • https://www.dell.com/support/kbdoc/en-us/000181088/dsa-2020-268-dell-emc-idrac9-reflected-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •