DSA-2021-138: Dell PowerFlex Security Update for a Cross-Site WebSocket Hijacking in WebUI/Presentation Server Vulnerability
Résumé: Dell PowerFlex remediation is available for the Presentation Server that could be exploited by malicious users to compromise the affected system.
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
Medium
Détails
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21588 | Dell PowerFlex versions 3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker may potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server which may lead to configuration changes. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21588 | Dell PowerFlex versions 3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker may potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server which may lead to configuration changes. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Produits concernés et mesure corrective
| Product | Affected Versions | Updated Version | Link to Update |
| PowerFlex Presentation Server |
3.5.x | 3.6 | https://dl.dell.com/downloads/DL104415_PowerFlex-3.6-Build-355-Complete-Software-Download.zip |
| Product | Affected Versions | Updated Version | Link to Update |
| PowerFlex Presentation Server |
3.5.x | 3.6 | https://dl.dell.com/downloads/DL104415_PowerFlex-3.6-Build-355-Complete-Software-Download.zip |
Historique des révisions
| Revision | Date | Description |
| 1.0 | 2021-07-01 | Initial Release |
Informations connexes
Mention légale
Produits concernés
Product Security InformationPropriétés de l’article
Numéro d’article: 000189265
Type d’article: Dell Security Advisory
Dernière modification: 01 Jul 2021
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.