Impact
Critical
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2021-21508 | Dell VxRail, versions prior to 4.7.530 contain a Plain-text Password Storage Vulnerability. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |

| Third-Party Component | CVEs | More information |
|---|---|---|
| VMware ESXi | CVE-2021-21994, CVE-2021-21995 | VMSA-2021-0014 |
| VxRail Manager: SUSE Grub2 and others | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, CVE-2019-18348, CVE-2021-23336, CVE-2019-20916, CVE-2021-3177, CVE-2021-27219, CVE-2021-27218, CVE-2021-3348, CVE-2020-25211, CVE-2020-25639, CVE-2020-27835, CVE-2020-29568, CVE-2020-29569, CVE-2021-0342, CVE-2021-20177, CVE-2021-3347, CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230, CVE-2021-27212, CVE-2021-20193, CVE-2021-23840, CVE-2021-23841, CVE-2020-8625, CVE-2021-20229, CVE-2021-3393, CVE-2019-25013, CVE-2021-3326, CVE-2020-14803, CVE-2020-14792, CVE-2020-14781, CVE-2020-14782, CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798 | SUSE grub2 UEFI secure boot bypass issues; SUSE updates |
| VxRail Manager: OpenSSL | CVE-2020-1971 | OpenSSL |
| VxRail Node: Dell iDRAC8 Updates (VxRail E460, VxRail E460F, VxRail P470, VxRail P470F, VxRail V470, VxRail V470F, VxRail S470) | CVE-2021-21510 | DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection |
| VxRail Node: Dell iDRAC9 Updates (VxRail E560, VxRail E560F, VxRail E560N, VxRail P570, VxRail P570F, VxRail V570, VxRail V570F, VxRail G560, VxRail G560/F, VxRail S570, VxRail P580N, VxRail D560, VxRail D560F) | CVE-2021-21539, CVE-2021-21540, CVE-2021-21541, CVE-2021-21542, CVE-2021-21543, CVE-2021-21544 | DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities |
| VxRail Node: Dell iDRAC9 Updates (VxRail E560, VxRail E560F, VxRail E560N, VxRail P570, VxRail P570F, VxRail V570, VxRail V570F, VxRail G560, VxRail G560/F, VxRail S570, VxRail P580N, VxRail D560, VxRail D560F) | CVE-2020-26198 | DSA-2020-268: Dell EMC iDRAC9 Reflected XSS Vulnerability |
| VxRail Node: Dell iDRAC9 Updates (VxRail E560, VxRail E560F, VxRail E560N, VxRail P570, VxRail P570F, VxRail V570, VxRail V570F, VxRail G560, VxRail G560/F, VxRail S570, VxRail P580N, VxRail D560, VxRail D560F) | CVE-2021-21538 | DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability |

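Dell Technologies recommends that all customers consider not only the CVSS base score but also any relevant temporal and environmental scores that may affect the potential severity associated with a particular security vulnerability.
Affected Products and Remediation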
| CVEs Addressed | Product | Affected Versions | Updated Version |
|---|---|---|---|
| See table above | Dell VxRail Appliance | 4.7.x versions before 4.7.530 | 4.7.530 |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2021-05-05 | Initial Release |
| 1.1 | 2021-05-11 | Updated with DSA-2021-082 after embargo date. |
| 1.2 | 2021-06-04 | Added CVE updates for SUSE packages. |
| 1.3 | 2021-08-03 | Updated with VMSA-2021-0014 after embargo date |

Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide