DSA-2021-091: Dell EMC XtremIO Security Update for Multiple Vulnerabilities
Сводка: Dell EMC XtremIO remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Влияние
High
Подробные сведения
|
Proprietary Code CVE(s) |
Description |
CVSSBase Score |
CVSS Vector String |
|
CVE-2021-21549 |
Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations. |
8.8 |
|
Third-Party Component
|
CVE(s) |
More information |
|
OpenSSL |
CVE-2020-1971 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
|
Proprietary Code CVE(s) |
Description |
CVSSBase Score |
CVSS Vector String |
|
CVE-2021-21549 |
Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations. |
8.8 |
|
Third-Party Component
|
CVE(s) |
More information |
|
OpenSSL |
CVE-2020-1971 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
Затронутые продукты и исправление
|
CVE(s) Addressed |
Product |
Affected Version(s) |
Updated Version(s) |
Link to Update |
|
CVE-2020-1971 |
XtremIO X1, XtremIO X2 |
XMS versions prior to 6.3.3-8 |
XMS 6.3.3-8 |
Dell EMC recommends all customers upgrade at the earliest opportunity. Customers can contact Dell EMC support to perform the upgrade. |
|
CVE-2021-21549 |
|
CVE(s) Addressed |
Product |
Affected Version(s) |
Updated Version(s) |
Link to Update |
|
CVE-2020-1971 |
XtremIO X1, XtremIO X2 |
XMS versions prior to 6.3.3-8 |
XMS 6.3.3-8 |
Dell EMC recommends all customers upgrade at the earliest opportunity. Customers can contact Dell EMC support to perform the upgrade. |
|
CVE-2021-21549 |
Временные решения и снижение риска
None
История изменений
|
Revision |
Date |
Description |
|
1.0 |
2021-05-13 |
Initial Release |
Сведения об авторе и авторских правах
CVE-2021-21549: Dell would like to thank Tomasz Stachowicz for reporting this issue.