Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000189673


DSA-2021-113: Dell OpenManage Enterprise and Dell OpenManage Enterprise-Modular Security Update for Multiple Vulnerabilities

Summary: Dell OpenManage Enterprise and Dell OpenManage Enterprise-Modular remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromiseSee more

Article Content


Impact

Critical

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21564 Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21584 Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials. 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-21585 Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-21596 Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges. 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21564 Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21584 Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials. 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-21585 Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-21596 Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges. 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2021-21564 Dell OpenManage Enterprise Versions prior to 3.6.1 3.6.1 KB article 175879 :Support for Dell EMC OpenManage Enterprise
CVE-2021-21584 Dell OpenManage Enterprise Version 3.5 only 3.6.1 KB article 175879: Support for Dell EMC OpenManage Enterprise
Dell OpenManage Enterprise-Modular Version 1.30.00 1.30.10 OpenManage Enterprise Modular v1.30.10 | Driver Details | Dell US
CVE-2021-21585 Dell OpenManage Enterprise Versions prior to 3.6.1 3.6.1 KB article 175879: Support for Dell EMC OpenManage Enterprise
CVE-2021-21596 Dell OpenManage Enterprise Versions 3.4 through 3.6.1 3.6.2 https://dl.dell.com/openmanage_enterprise/3.6.2/
Dell OpenManage Enterprise-Modular Versions 1.20.00 through 1.30.00 1.30.10 OpenManage Enterprise Modular v1.30.10 | Driver Details | Dell US

Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available. Dell Technologies recommends updating to the latest versions at the earliest opportunity.
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2021-21564 Dell OpenManage Enterprise Versions prior to 3.6.1 3.6.1 KB article 175879 :Support for Dell EMC OpenManage Enterprise
CVE-2021-21584 Dell OpenManage Enterprise Version 3.5 only 3.6.1 KB article 175879: Support for Dell EMC OpenManage Enterprise
Dell OpenManage Enterprise-Modular Version 1.30.00 1.30.10 OpenManage Enterprise Modular v1.30.10 | Driver Details | Dell US
CVE-2021-21585 Dell OpenManage Enterprise Versions prior to 3.6.1 3.6.1 KB article 175879: Support for Dell EMC OpenManage Enterprise
CVE-2021-21596 Dell OpenManage Enterprise Versions 3.4 through 3.6.1 3.6.2 https://dl.dell.com/openmanage_enterprise/3.6.2/
Dell OpenManage Enterprise-Modular Versions 1.20.00 through 1.30.00 1.30.10 OpenManage Enterprise Modular v1.30.10 | Driver Details | Dell US

Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available. Dell Technologies recommends updating to the latest versions at the earliest opportunity.
Acknowledgements

CVE-2021-21596: Dell Technologies would like to thank Pierre Kim and Alexandre Torres for reporting this issue.

Revision History

RevisionDateDescription
1.02021-07-19Initial release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

Dell EMC OpenManage Enterprise, Dell OpenManage Enterprise-Modular, Product Security Information

Last Published Date

19 Jul 2021

Version

2

Article Type

Dell Security Advisory