Impact
High
Details
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2021-36326 | Dell EMC Streaming Data Platform versions before 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker may potentially exploit this vulnerability, causing the communications between the client and server to be downgraded to an unencrypted format. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
CVE-2021-36327 | Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N |
CVE-2021-36328 | Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands that perform unauthorized actions and retrieve sensitive information from the database. | 8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36329 | Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain access to sensitive information. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CVE-2021-36330 | Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts and impersonate a legitimate user. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Third-Party Component | CVEs | More information |
busybox | CVE-2018-1000500, CVE-2018-20679, CVE-2019-5747, CVE-2021-28831 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
@grpc/grpc-js | CVE-2020-7768 | |
ajv | CVE-2020-15366 | |
Apache Commons Compress | CVE-2019-12402 | |
Apache CXF | CVE-2021-22696, CVE-2021-30468 | |
Apache Log4j | CVE-2017-5645, CVE-2019-17571 | |
Apache Thrift | CVE-2019-0205, CVE-2019-0210, CVE-2020-13949 | |
apk-tools | CVE-2021-30139 | |
Bash | CVE-2019-18276 | |
Bouncy Castle | CVE-2020-28052 | |
Common Unix Printing System (CUPS) | CVE-2017-18190 | |
curl | CVE-2016-8615, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000254, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3823, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8285, CVE-2020-8286 | |
Cyrus SASL | CVE-2019-19906 | |
Data Mapper for Jackson | CVE-2019-10172 | |
D-Bus | CVE-2019-12749 | |
giflib -- A library for processing GIFs | CVE-2020-23922 | |
Git | CVE-2021-21300 | |
GLib | CVE-2018-16429, CVE-2019-12450, CVE-2019-13012, CVE-2019-14822, CVE-2021-27218, CVE-2021-27219 | |
GNU Binutils | CVE-2021-20294 | |
GNU C Library | CVE-2009-5155, CVE-2015-8982, CVE-2016-1234, CVE-2019-9169, CVE-2020-1751, CVE-2020-1752, CVE-2020-29573, CVE-2020-6096, CVE-2021-3326 | |
GNU cpio | CVE-2019-14866 | |
GnuPG | CVE-2018-1000858, CVE-2019-13050 | |
GnuTLS | CVE-2020-24659, CVE-2021-20231, CVE-2021-20232 | |
Grafana | CVE-2021-27962, CVE-2021-28148 | |
Jackson data formats: Binary | CVE-2020-28491 | |
jackson-databind | CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2019-12086, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195, CVE-2020-24616, CVE-2020-24750, CVE-2020-25649, CVE-2020-35490, CVE-2020-35491, CVE-2020-35728, CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, CVE-2020-36182, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36189, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2021-20190 | |
JBoss Remoting | CVE-2020-35510 | |
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server | CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735, CVE-2018-12538, CVE-2018-12545, CVE-2020-27216, CVE-2021-28165 | |
json-bigint | CVE-2020-8237 | |
krb5/krb5 | CVE-2020-28196 | |
Kubernetes Client API | CVE-2020-8570 | |
libarchive | CVE-2017-14502 | |
libexpat | CVE-2016-4472, CVE-2016-5300, CVE-2017-9233, CVE-2018-20843, CVE-2019-15903 | |
libgcrypt | CVE-2021-33560 | |
OpenSSL | CVE-2021-3711, CVE-2021-3712 | |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Product | Affected Versions | Updated Version | Link to Update |
Dell EMC Streaming Data Platform | 1.1.x and 1.2.x | 1.3 | Link to update |
Revision History
Revision | Date | Description |
1.0 | 2021-11-19 | Initial Release |
Affected Products
Streaming Data Platform