// For flags

CVE-2021-21524

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers.

Dell SRM versiones anteriores a 4.5.0.1 y Dell SMR versiones anteriores a 4.5.0.1, contienen una vulnerabilidad de Deserialización No Confiable. Un atacante remoto no autenticado podría potencialmente explotar esta vulnerabilidad, conllevando una ejecución de código arbitraria privilegiada en la aplicación vulnerable. La gravedad es Crítica, ya que esto puede conllevar a comprometer el sistema por parte de atacantes no autenticados

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-04 CVE Reserved
  • 2021-04-12 CVE Published
  • 2024-04-16 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-502: Deserialization of Untrusted Data
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dell
Search vendor "Dell"
 Storage Monitoring And Reporting
Search vendor "Dell" for product "Storage Monitoring And Reporting"
 < 4.5.0.1
Search vendor "Dell" for product "Storage Monitoring And Reporting" and version " < 4.5.0.1"
-
Affected
Dell
Search vendor "Dell"
 Storage Resource Manager
Search vendor "Dell" for product "Storage Resource Manager"
 < 4.5.0.1
Search vendor "Dell" for product "Storage Resource Manager" and version " < 4.5.0.1"
-
Affected