CVE-2021-21538
https://notcve.org/view.php?id=CVE-2021-21538
Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console. Dell EMC iDRAC9 versiones 4.40.00.00 y posteriores, pero anteriores a 4.40.10.00, contienen una vulnerabilidad de autenticación inapropiada. Un atacante no autenticado remoto podría explotar potencialmente esta vulnerabilidad para conseguir acceso a la consola virtual • https://www.dell.com/support/kbdoc/000186420 • CWE-287: Improper Authentication •
CVE-2021-21544
https://notcve.org/view.php?id=CVE-2021-21544
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. Dell EMC iDRAC9 versiones anteriores a 4.40.00.00, contiene una vulnerabilidad de autenticación inapropiada. Un usuario malicioso autenticado remoto con privilegios elevados podría explotar potencialmente esta vulnerabilidad para manipular el campo username en la sección comment y establecer el valor para cualquier usuario. • https://www.dell.com/support/kbdoc/000185293 • CWE-287: Improper Authentication CWE-602: Client-Side Enforcement of Server-Side Security •
CVE-2021-21543
https://notcve.org/view.php?id=CVE-2021-21543
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. Dell EMC iDRAC9 versiones anteriores a 4.40.00.00, contienen múltiples vulnerabilidades de tipo cross-site scripting almacenado. Un usuario malicioso autenticado remoto con privilegios elevados podría explotar estas vulnerabilidades para almacenar código HTML o JavaScript malicioso por medio de múltiples parámetros afectados. • https://www.dell.com/support/kbdoc/000185293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-21542
https://notcve.org/view.php?id=CVE-2021-21542
Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. Dell EMC iDRAC9 versiones anteriores a 4.40.10.00, contienen múltiples vulnerabilidades de tipo cross-site scripting almacenado. Un usuario malicioso autenticado remoto con altos privilegios podría explotar estas vulnerabilidades para almacenar código HTML o JavaScript malicioso por medio de múltiples afectaciones mientras genera un certificado. • https://www.dell.com/support/kbdoc/000185293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-21541
https://notcve.org/view.php?id=CVE-2021-21541
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. Dell EMC iDRAC9 versiones anteriores a 4.40.00.00, contiene una vulnerabilidad de tipo cross-site scripting basada en DOM. Un atacante remoto no autenticado podría explotar potencialmente esta vulnerabilidad engañando al usuario de la aplicación víctima para que suministre un código HTML o JavaScript malicioso al entorno DOM en el navegador. • https://www.dell.com/support/kbdoc/000185293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •