文書番号: 000186363
High
Proprietary Code CVE(s) |
Description |
CVSSBase Score |
CVSS Vector String |
CVE-2021-21549 |
Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations. |
8.8 |
Third-Party Component
|
CVE(s) |
More information |
OpenSSL |
CVE-2020-1971 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
Proprietary Code CVE(s) |
Description |
CVSSBase Score |
CVSS Vector String |
CVE-2021-21549 |
Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations. |
8.8 |
Third-Party Component
|
CVE(s) |
More information |
OpenSSL |
CVE-2020-1971 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
CVE(s) Addressed |
Product |
Affected Version(s) |
Updated Version(s) |
Link to Update |
CVE-2020-1971 |
XtremIO X1, XtremIO X2 |
XMS versions prior to 6.3.3-8 |
XMS 6.3.3-8 |
Dell EMC recommends all customers upgrade at the earliest opportunity. Customers can contact Dell EMC support to perform the upgrade. |
CVE-2021-21549 |
CVE(s) Addressed |
Product |
Affected Version(s) |
Updated Version(s) |
Link to Update |
CVE-2020-1971 |
XtremIO X1, XtremIO X2 |
XMS versions prior to 6.3.3-8 |
XMS 6.3.3-8 |
Dell EMC recommends all customers upgrade at the earliest opportunity. Customers can contact Dell EMC support to perform the upgrade. |
CVE-2021-21549 |
None
CVE-2021-21549: Dell would like to thank Tomasz Stachowicz for reporting this issue.
Revision |
Date |
Description |
1.0 |
2021-05-13 |
Initial Release |
13 5月 2021
Dell Security Advisory