Impact
Medium
Details
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2021-21589 |
Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user may potentially exploit this vulnerability to escalate privileges. |
5.7 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2021-21590 |
Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
6.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-21591 |
Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
6.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
Third-party Component |
CVEs |
More Information |
apache2 |
CVE-2019-9517 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
apache2-mod_jk |
CVE-2018-11759 |
bind |
CVE-2020-8625 |
CVE-2019-6465 |
CVE-2018-5745 |
CVE-2018-5743 |
CVE-2018-5740 |
Dell BSAFE™ Micro Edition Suite |
CVE-2020-1968 |
cpio |
CVE-2019-14866 |
cronie |
CVE-2019-9705 |
CVE-2019-9704 |
curl |
CVE-2020-8177 |
dnsmasq |
CVE-2019-14834 |
CVE-2017-15107 |
docker |
CVE-2019-13139 |
e2fsprogs |
CVE-2019-5188 |
elfutils |
CVE-2019-7665 |
CVE-2019-7150 |
CVE-2018-18521 |
CVE-2018-18520 |
CVE-2018-18310 |
CVE-2018-16403 |
CVE-2018-16062 |
CVE-2017-7613 |
CVE-2017-7612 |
CVE-2017-7611 |
CVE-2017-7610 |
CVE-2017-7608 |
CVE-2017-7607 |
expat |
CVE-2019-15903 |
CVE-2018-20843 |
gdb |
CVE-2019-1010180 |
gnutls |
CVE-2018-16868 |
gpg2 |
CVE-2019-13050 |
ipmitool |
CVE-2020-5208 |
Javascript library (Bootstrap) |
CVE-2019-8331 |
Javascript library (jQuery) |
CVE-2019-11358 |
CVE-2015-9251 |
Javascript library (Sencha Ext) |
CVE-2018-8046 |
krb5 |
CVE-2018-5730 |
CVE-2018-5729 |
libfreetype6 |
CVE-2020-15999 |
libfuse2 |
CVE-2018-10906 |
libmspack0 |
CVE-2018-18585 |
CVE-2018-18584 |
libproxy |
CVE-2020-26154 |
CVE-2020-25219 |
libqb |
CVE-2019-12779 |
libseccomp |
CVE-2019-9893 |
libtasn1 |
CVE-2018-1000654 |
libX11 |
CVE-2020-14344 |
CVE-2018-14600 |
CVE-2018-14599 |
CVE-2018-14598 |
libxml2 |
CVE-2018-14567 |
CVE-2018-14404 |
CVE-2018-9251 |
libxslt |
CVE-2019-11068 |
Mesa |
CVE-2019-5068 |
mozilla-nspr, mozilla-nss |
CVE-2019-17006 |
CVE-2019-11745 |
CVE-2018-18508 |
ncurses |
CVE-2019-17595 |
CVE-2019-17594 |
openldap2 |
CVE-2020-25692 |
CVE-2019-13565 |
CVE-2019-13057 |
CVE-2017-17740 |
openssl |
CVE-2020-1971 |
CVE-2020-1968 |
perl |
CVE-2020-12723 |
CVE-2020-10878 |
CVE-2020-10543 |
CVE-2018-18312 |
perl-DBI |
CVE-2019-20919 |
permissions |
CVE-2019-3690 |
CVE-2019-3688 |
postgresql10, libpq5 |
CVE-2020-1720 |
python |
CVE-2020-26116 |
CVE-2019-20907 |
CVE-2008-3144 |
CVE-2008-3143 |
CVE-2008-3142 |
screen |
CVE-2021-26937 |
sudo |
CVE-2021-23239 |
CVE-2019-18634 |
systemd |
CVE-2019-20386 |
CVE-2019-3842 |
CVE-2018-15688 |
tar |
CVE-2019-9923 |
CVE-2018-20482 |
tiff |
CVE-2019-7663 |
CVE-2019-6128 |
CVE-2018-19210 |
CVE-2018-17000 |
unzip |
CVE-2018-18384 |
vim |
CVE-2019-20807 |
wicked |
CVE-2020-7217 |
CVE-2020-7216 |
CVE-2019-18903 |
CVE-2019-18902 |
xerces-c |
CVE-2017-12627 |
zmq |
CVE-2020-15166 |
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2021-21589 |
Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user may potentially exploit this vulnerability to escalate privileges. |
5.7 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2021-21590 |
Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
6.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-21591 |
Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
6.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
Third-party Component |
CVEs |
More Information |
apache2 |
CVE-2019-9517 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
apache2-mod_jk |
CVE-2018-11759 |
bind |
CVE-2020-8625 |
CVE-2019-6465 |
CVE-2018-5745 |
CVE-2018-5743 |
CVE-2018-5740 |
Dell BSAFE™ Micro Edition Suite |
CVE-2020-1968 |
cpio |
CVE-2019-14866 |
cronie |
CVE-2019-9705 |
CVE-2019-9704 |
curl |
CVE-2020-8177 |
dnsmasq |
CVE-2019-14834 |
CVE-2017-15107 |
docker |
CVE-2019-13139 |
e2fsprogs |
CVE-2019-5188 |
elfutils |
CVE-2019-7665 |
CVE-2019-7150 |
CVE-2018-18521 |
CVE-2018-18520 |
CVE-2018-18310 |
CVE-2018-16403 |
CVE-2018-16062 |
CVE-2017-7613 |
CVE-2017-7612 |
CVE-2017-7611 |
CVE-2017-7610 |
CVE-2017-7608 |
CVE-2017-7607 |
expat |
CVE-2019-15903 |
CVE-2018-20843 |
gdb |
CVE-2019-1010180 |
gnutls |
CVE-2018-16868 |
gpg2 |
CVE-2019-13050 |
ipmitool |
CVE-2020-5208 |
Javascript library (Bootstrap) |
CVE-2019-8331 |
Javascript library (jQuery) |
CVE-2019-11358 |
CVE-2015-9251 |
Javascript library (Sencha Ext) |
CVE-2018-8046 |
krb5 |
CVE-2018-5730 |
CVE-2018-5729 |
libfreetype6 |
CVE-2020-15999 |
libfuse2 |
CVE-2018-10906 |
libmspack0 |
CVE-2018-18585 |
CVE-2018-18584 |
libproxy |
CVE-2020-26154 |
CVE-2020-25219 |
libqb |
CVE-2019-12779 |
libseccomp |
CVE-2019-9893 |
libtasn1 |
CVE-2018-1000654 |
libX11 |
CVE-2020-14344 |
CVE-2018-14600 |
CVE-2018-14599 |
CVE-2018-14598 |
libxml2 |
CVE-2018-14567 |
CVE-2018-14404 |
CVE-2018-9251 |
libxslt |
CVE-2019-11068 |
Mesa |
CVE-2019-5068 |
mozilla-nspr, mozilla-nss |
CVE-2019-17006 |
CVE-2019-11745 |
CVE-2018-18508 |
ncurses |
CVE-2019-17595 |
CVE-2019-17594 |
openldap2 |
CVE-2020-25692 |
CVE-2019-13565 |
CVE-2019-13057 |
CVE-2017-17740 |
openssl |
CVE-2020-1971 |
CVE-2020-1968 |
perl |
CVE-2020-12723 |
CVE-2020-10878 |
CVE-2020-10543 |
CVE-2018-18312 |
perl-DBI |
CVE-2019-20919 |
permissions |
CVE-2019-3690 |
CVE-2019-3688 |
postgresql10, libpq5 |
CVE-2020-1720 |
python |
CVE-2020-26116 |
CVE-2019-20907 |
CVE-2008-3144 |
CVE-2008-3143 |
CVE-2008-3142 |
screen |
CVE-2021-26937 |
sudo |
CVE-2021-23239 |
CVE-2019-18634 |
systemd |
CVE-2019-20386 |
CVE-2019-3842 |
CVE-2018-15688 |
tar |
CVE-2019-9923 |
CVE-2018-20482 |
tiff |
CVE-2019-7663 |
CVE-2019-6128 |
CVE-2018-19210 |
CVE-2018-17000 |
unzip |
CVE-2018-18384 |
vim |
CVE-2019-20807 |
wicked |
CVE-2020-7217 |
CVE-2020-7216 |
CVE-2019-18903 |
CVE-2019-18902 |
xerces-c |
CVE-2017-12627 |
zmq |
CVE-2020-15166 |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
Revision History
Revision | Date | More Information |
1.0 | 2021-07-01 | Initial Release |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide