Article Number: 000189193
Medium
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2021-21581 | Dell EMC iDRAC9 versions before 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker may potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim to following a specially crafted link. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
CVE-2021-21580 | Dell EMC iDRAC8 versions before 2.80.80.80 and Dell EMC iDRAC9 versions before 5.00.00.00 contain a Content spoofing or Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
CVE-2021-21579 |
Dell EMC iDRAC9 versions before 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click maliciously crafted links. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CVE-2021-21578 | Dell EMC iDRAC9 versions before 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click maliciously crafted links. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CVE-2021-21577 | Dell EMC iDRAC9 versions before 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker may potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CVE-2021-21576 | Dell EMC iDRAC9 versions before 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker may potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2021-21581 | Dell EMC iDRAC9 versions before 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker may potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim to following a specially crafted link. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
CVE-2021-21580 | Dell EMC iDRAC8 versions before 2.80.80.80 and Dell EMC iDRAC9 versions before 5.00.00.00 contain a Content spoofing or Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
CVE-2021-21579 |
Dell EMC iDRAC9 versions before 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click maliciously crafted links. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CVE-2021-21578 | Dell EMC iDRAC9 versions before 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click maliciously crafted links. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CVE-2021-21577 | Dell EMC iDRAC9 versions before 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker may potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CVE-2021-21576 | Dell EMC iDRAC9 versions before 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker may potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
CVE-2021-21576 | Dell EMC iDRAC9 | Versions before 4.40.40.00 | 4.40.40.00 | 4.40.40.00 |
CVE-2021-21579 | ||||
CVE-2021-21578 |
||||
CVE-2021-21577 |
||||
CVE-2021-21581 | Dell EMC iDRAC9 | Versions before 5.00.00.00 | 5.00.00.00 | 5.00.00.00 |
CVE-2021-21580 | Dell EMC iDRAC8 and Dell EMC iDRAC9 |
Versions before 2.80.80.80 & 5.00.00.00 | 2.80.80.80 and 5.00.00.00 | 2.80.80.80 5.00.00.00 |
CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
CVE-2021-21576 | Dell EMC iDRAC9 | Versions before 4.40.40.00 | 4.40.40.00 | 4.40.40.00 |
CVE-2021-21579 | ||||
CVE-2021-21578 |
||||
CVE-2021-21577 |
||||
CVE-2021-21581 | Dell EMC iDRAC9 | Versions before 5.00.00.00 | 5.00.00.00 | 5.00.00.00 |
CVE-2021-21580 | Dell EMC iDRAC8 and Dell EMC iDRAC9 |
Versions before 2.80.80.80 & 5.00.00.00 | 2.80.80.80 and 5.00.00.00 | 2.80.80.80 5.00.00.00 |
CVE-2021-21580: Dell Technologies would like to thank Jameel Nabbo for reporting this issue.
Revision | Date | Description |
1.0 | 2021-06-30 | Initial Release |
30 Jun 2021
Dell Security Advisory