CVE-2021-21506

EPSS 0.53%
Veröffentlicht 08.03.2021 22:15:13
Zuletzt bearbeitet 21.11.2024 05:48:29
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privileges escalation.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Emc Powerscale Onefs Version8.1.2

Dell ≫ Emc Powerscale Onefs Version8.2.2

Dell ≫ Emc Powerscale Onefs Version9.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.66

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
security_alert@emc.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.dell.com/support/kbdoc/000183717

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21506

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21506

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21506

EUVD