DSA-2021-113: Dell OpenManage Enterprise and Dell OpenManage Enterprise-Modular Security Update for Multiple Vulnerabilities
摘要: Dell OpenManage Enterprise and Dell OpenManage Enterprise-Modular remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
Critical
詳細資料
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21564 | Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-21584 | Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials. | 7.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| CVE-2021-21585 | Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. | 9.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2021-21596 | Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges. | 9.6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21564 | Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-21584 | Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials. | 7.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| CVE-2021-21585 | Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. | 9.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2021-21596 | Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges. | 9.6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
受影響的產品與補救措施
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-21564 | Dell OpenManage Enterprise | Versions prior to 3.6.1 | 3.6.1 | KB article 175879 :Support for Dell EMC OpenManage Enterprise |
| CVE-2021-21584 | Dell OpenManage Enterprise | Version 3.5 only | 3.6.1 | KB article 175879: Support for Dell EMC OpenManage Enterprise |
| Dell OpenManage Enterprise-Modular | Version 1.30.00 | 1.30.10 | OpenManage Enterprise Modular v1.30.10 | Driver Details | Dell US | |
| CVE-2021-21585 | Dell OpenManage Enterprise | Versions prior to 3.6.1 | 3.6.1 | KB article 175879: Support for Dell EMC OpenManage Enterprise |
| CVE-2021-21596 | Dell OpenManage Enterprise | Versions 3.4 through 3.6.1 | 3.6.2 | https://dl.dell.com/openmanage_enterprise/3.6.2/ |
| Dell OpenManage Enterprise-Modular | Versions 1.20.00 through 1.30.00 | 1.30.10 | OpenManage Enterprise Modular v1.30.10 | Driver Details | Dell US |
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available. Dell Technologies recommends updating to the latest versions at the earliest opportunity.
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-21564 | Dell OpenManage Enterprise | Versions prior to 3.6.1 | 3.6.1 | KB article 175879 :Support for Dell EMC OpenManage Enterprise |
| CVE-2021-21584 | Dell OpenManage Enterprise | Version 3.5 only | 3.6.1 | KB article 175879: Support for Dell EMC OpenManage Enterprise |
| Dell OpenManage Enterprise-Modular | Version 1.30.00 | 1.30.10 | OpenManage Enterprise Modular v1.30.10 | Driver Details | Dell US | |
| CVE-2021-21585 | Dell OpenManage Enterprise | Versions prior to 3.6.1 | 3.6.1 | KB article 175879: Support for Dell EMC OpenManage Enterprise |
| CVE-2021-21596 | Dell OpenManage Enterprise | Versions 3.4 through 3.6.1 | 3.6.2 | https://dl.dell.com/openmanage_enterprise/3.6.2/ |
| Dell OpenManage Enterprise-Modular | Versions 1.20.00 through 1.30.00 | 1.30.10 | OpenManage Enterprise Modular v1.30.10 | Driver Details | Dell US |
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available. Dell Technologies recommends updating to the latest versions at the earliest opportunity.
修訂歷史記錄
| Revision | Date | Description |
| 1.0 | 2021-07-19 | Initial release |
感謝
CVE-2021-21596: Dell Technologies would like to thank Pierre Kim and Alexandre Torres for reporting this issue.
相關資訊
法律免責聲明
受影響的產品
Dell EMC OpenManage Enterprise, Dell OpenManage Enterprise-Modular, Product Security Information文章屬性
文章編號: 000189673
文章類型: Dell Security Advisory
上次修改時間: 19 7月 2021
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。