Article Number: 000184753
Critical
| Proprietary Code CVE | Description | CVSSBase Score | CVSS Vector String |
| CVE-2021-21524 | Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component | CVE(s) | More information |
| SUSE Linux Binaries *Only for vApp. |
CVE-2016-2339 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| CVE-2017-0898 | ||
| CVE-2017-0899 | ||
| CVE-2017-0903 | ||
| CVE-2017-2518 | ||
| CVE-2017-9228 | ||
| CVE-2017-12627 | ||
| CVE-2017-14064 | ||
| CVE-2017-17790 | ||
| CVE-2018-8780 | ||
| CVE-2018-16395 | ||
| CVE-2018-1000076 | ||
| CVE-2019-17006 | ||
| CVE-2019-19906 | ||
| CVE-2019-20916 | ||
| CVE-2020-0404 | ||
| CVE-2020-1971 | ||
| CVE-2020-14363 | ||
| CVE-2020-25219 | ||
| CVE-2020-25692 | ||
| CVE-2020-28196 | ||
| MySQL |
CVE-2021-2010 | |
| CVE-2021-2011 | ||
| CVE-2021-2014 | ||
| CVE-2021-2022 | ||
| CVE-2021-2032 | ||
| CVE-2021-2060 | ||
| Apache Tomcat | CVE-2020-13942 | |
| CVE-2020-17527 | ||
| CVE-2021-24122 | ||
| Apache Struts | CVE-2020-17530 | |
| Eclipse Jetty | CVE-2020-27216 | |
| CVE-2020-27218 |
| Proprietary Code CVE | Description | CVSSBase Score | CVSS Vector String |
| CVE-2021-21524 | Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component | CVE(s) | More information |
| SUSE Linux Binaries *Only for vApp. |
CVE-2016-2339 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| CVE-2017-0898 | ||
| CVE-2017-0899 | ||
| CVE-2017-0903 | ||
| CVE-2017-2518 | ||
| CVE-2017-9228 | ||
| CVE-2017-12627 | ||
| CVE-2017-14064 | ||
| CVE-2017-17790 | ||
| CVE-2018-8780 | ||
| CVE-2018-16395 | ||
| CVE-2018-1000076 | ||
| CVE-2019-17006 | ||
| CVE-2019-19906 | ||
| CVE-2019-20916 | ||
| CVE-2020-0404 | ||
| CVE-2020-1971 | ||
| CVE-2020-14363 | ||
| CVE-2020-25219 | ||
| CVE-2020-25692 | ||
| CVE-2020-28196 | ||
| MySQL |
CVE-2021-2010 | |
| CVE-2021-2011 | ||
| CVE-2021-2014 | ||
| CVE-2021-2022 | ||
| CVE-2021-2032 | ||
| CVE-2021-2060 | ||
| Apache Tomcat | CVE-2020-13942 | |
| CVE-2020-17527 | ||
| CVE-2021-24122 | ||
| Apache Struts | CVE-2020-17530 | |
| Eclipse Jetty | CVE-2020-27216 | |
| CVE-2020-27218 |
| Product | Affected Version(s) | Updated Version(s) | Link to Update | |
| Dell SRM | Versions prior to 4.5.0.1 |
4.5.0.1 | https://support.emc.com/downloads/34247_SRM |
|
| Dell SMR | Versions prior to 4.5.0.1 | 4.5.0.1 | https://support.emc.com/downloads/40532_SMR | |
| Product | Affected Version(s) | Updated Version(s) | Link to Update | |
| Dell SRM | Versions prior to 4.5.0.1 |
4.5.0.1 | https://support.emc.com/downloads/34247_SRM |
|
| Dell SMR | Versions prior to 4.5.0.1 | 4.5.0.1 | https://support.emc.com/downloads/40532_SMR | |
Dell would like to thank An Trinh for reporting CVE-2021-21524.
| Revision | Date |
| 1.0 | 2021-03-30 |
EMC Storage Monitoring and Reporting, SRM, SRM
Storage Monitoring and Reporting, Product Security Information
30 Mar 2021
Dell Security Advisory