7.8
CVE-2025-21103
- EPSS 0.06%
- Published 17.02.2025 14:15:08
- Last modified 17.02.2025 14:15:08
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability and run arbitrary code on the server.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorDell
≫
Product
NetWorker Management Console
Default Statusunaffected
Version <=
19.11.0.3
Version
19.11
Status
affected
Version <
19.10.0.7
Version
N/A
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.174 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| security_alert@emc.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
The product generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.