DSA-2021-060: Dell OpenManage Enterprise-Modular (OME-M) Security Update for a Bypass Vulnerability
Zusammenfassung: Dell OpenManage Enterprise-Modular (OME-M) remediation is available for a security bypass vulnerability that may be exploited to compromise the affected systems.
Dieser Artikel gilt für
Dieser Artikel gilt nicht für
Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden.
In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Auswirkungen
High
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21530 | Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege. | 8.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21530 | Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege. | 8.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |
Betroffene Produkte und Korrektur
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| OpenManage Enterprise-Modular (OME-M) | Versions prior to 1.30.00 | 1.30.00 | OpenManage Enterprise Modular v1.30.00 | Driver Details | Dell US |
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| OpenManage Enterprise-Modular (OME-M) | Versions prior to 1.30.00 | 1.30.00 | OpenManage Enterprise Modular v1.30.00 | Driver Details | Dell US |
Revisionsverlauf
| Revision | Date | Description |
| 1.0 | 2020-04-12 | Initial Release |
Danksagung
CVE-2021-21530: Dell would like to thank Thorsten Tüllmann of Karlsruhe Institute of Technology
Zugehörige Informationen
Rechtlicher Hinweis
Betroffene Produkte
Dell OpenManage Enterprise-ModularProdukte
Product Security InformationArtikeleigenschaften
Artikelnummer: 000185205
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 13 Apr. 2021
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.