文書番号: 000193697
High
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36326 | Dell EMC Streaming Data Platform, versions before 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker may potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| CVE-2021-36327 | Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N |
| CVE-2021-36328 | Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. | 8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36329 | Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CVE-2021-36330 | Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-Party Component |
CVEs | More information |
| busybox | CVE-2018-1000500 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| CVE-2018-20679 | ||
| CVE-2019-5747 | ||
| CVE-2021-28831 | ||
| @grpc/grpc-js | CVE-2020-7768 | |
| ajv | CVE-2020-15366 | |
| Apache Commons Compress | CVE-2019-12402 | |
| Apache CXF | CVE-2021-22696 | |
| CVE-2021-30468 | ||
| Apache Log4j | CVE-2017-5645 | |
| CVE-2019-17571 | ||
| Apache Thrift | CVE-2019-0205 | |
| CVE-2019-0210 | ||
| CVE-2020-13949 | ||
| apk-tools | CVE-2021-30139 | |
| Bash | CVE-2019-18276 | |
| Bouncy Castle | CVE-2020-28052 | |
| Common Unix Printing System (CUPS) | CVE-2017-18190 | |
| curl | CVE-2016-8615 | |
| CVE-2016-8617 | ||
| CVE-2016-8618 | ||
| CVE-2016-8619 | ||
| CVE-2016-8621 | ||
| CVE-2016-8622 | ||
| CVE-2016-8623 | ||
| CVE-2016-8624 | ||
| CVE-2016-8625 | ||
| CVE-2016-9586 | ||
| CVE-2017-1000254 | ||
| CVE-2018-16839 | ||
| CVE-2018-16840 | ||
| CVE-2018-16842 | ||
| CVE-2018-16890 | ||
| CVE-2019-3823 | ||
| CVE-2019-5436 | ||
| CVE-2019-5481 | ||
| CVE-2019-5482 | ||
| CVE-2020-8169 | ||
| CVE-2020-8177 | ||
| curl |
CVE-2020-8231 | |
| CVE-2020-8285 | ||
| CVE-2020-8286 | ||
| Cyrus SASL | CVE-2019-19906 | |
| Data Mapper for Jackson | CVE-2019-10172 | |
| D-Bus | CVE-2019-12749 | |
| giflib -- A library for processing GIFs | CVE-2020-23922 | |
| Git | CVE-2021-21300 | |
| GLib | CVE-2018-16429 | |
| CVE-2019-12450 | ||
| CVE-2019-13012 | ||
| CVE-2019-14822 | ||
| CVE-2021-27218 | ||
| CVE-2021-27219 | ||
| GNU Binutils | CVE-2021-20294 | |
| GNU C Library | CVE-2009-5155 | |
| CVE-2015-8982 | ||
| CVE-2016-1234 | ||
| CVE-2019-9169 | ||
| CVE-2020-1751 | ||
| CVE-2020-1752 | ||
| GNU C Library | CVE-2020-29573 | |
| CVE-2020-6096 | ||
| CVE-2021-3326 | ||
| GNU cpio | CVE-2019-14866 | |
| GnuPG | CVE-2018-1000858 | |
| CVE-2019-13050 | ||
| GnuTLS | CVE-2020-24659 | |
| CVE-2021-20231 | ||
| CVE-2021-20232 | ||
| Grafana | CVE-2021-27962 | |
| CVE-2021-28148 | ||
| Jackson data formats: Binary | CVE-2020-28491 | |
| jackson-databind | CVE-2018-19360 | |
| CVE-2018-19361 | ||
| CVE-2018-19362 | ||
| CVE-2019-12086 | ||
| CVE-2019-14379 | ||
| CVE-2019-14439 | ||
| CVE-2019-14540 | ||
| CVE-2019-14892 | ||
| CVE-2019-14893 | ||
| CVE-2019-16335 | ||
| CVE-2019-16942 | ||
| CVE-2019-16943 | ||
| CVE-2019-17267 | ||
| CVE-2019-17531 | ||
| CVE-2019-20330 | ||
| CVE-2020-10672 | ||
| CVE-2020-10673 | ||
| CVE-2020-10968 | ||
| CVE-2020-10969 | ||
| CVE-2020-11111 | ||
| CVE-2020-11112 | ||
| CVE-2020-11113 | ||
| CVE-2020-11619 | ||
| CVE-2020-11620 | ||
| CVE-2020-14060 | ||
| CVE-2020-14061 | ||
| CVE-2020-14062 | ||
| CVE-2020-14195 | ||
| CVE-2020-24616 | ||
| CVE-2020-24750 | ||
| CVE-2020-25649 | ||
| CVE-2020-35490 | ||
| CVE-2020-35491 | ||
| CVE-2020-35728 | ||
| CVE-2020-36179 | ||
| CVE-2020-36180 | ||
| CVE-2020-36181 | ||
| CVE-2020-36182 | ||
| CVE-2020-36183 | ||
| CVE-2020-36184 | ||
| CVE-2020-36185 | ||
| CVE-2020-36186 | ||
| CVE-2020-36187 | ||
| CVE-2020-36188 | ||
| CVE-2020-36189 | ||
| CVE-2020-8840 | ||
| CVE-2020-9546 | ||
| CVE-2020-9547 | ||
| CVE-2020-9548 | ||
| CVE-2021-20190 | ||
| JBoss Remoting | CVE-2020-35510 | |
| Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server | CVE-2017-7656 | |
| CVE-2017-7657 | ||
| CVE-2017-7658 | ||
| CVE-2017-9735 | ||
| CVE-2018-12538 | ||
| CVE-2018-12545 | ||
| CVE-2020-27216 | ||
| CVE-2021-28165 | ||
| json-bigint | CVE-2020-8237 | |
| krb5/krb5 | CVE-2020-28196 | |
| Kubernetes Client API | CVE-2020-8570 | |
| libarchive | CVE-2017-14502 | |
| libexpat |
CVE-2016-4472 | |
| CVE-2016-5300 | ||
| CVE-2017-9233 | ||
| CVE-2018-20843 | ||
| CVE-2019-15903 | ||
| libgcrypt | CVE-2021-33560 | |
| Open SSL | CVE-2021-3711 | |
| CVE-2021-3712 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36326 | Dell EMC Streaming Data Platform, versions before 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker may potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| CVE-2021-36327 | Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N |
| CVE-2021-36328 | Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. | 8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36329 | Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CVE-2021-36330 | Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-Party Component |
CVEs | More information |
| busybox | CVE-2018-1000500 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| CVE-2018-20679 | ||
| CVE-2019-5747 | ||
| CVE-2021-28831 | ||
| @grpc/grpc-js | CVE-2020-7768 | |
| ajv | CVE-2020-15366 | |
| Apache Commons Compress | CVE-2019-12402 | |
| Apache CXF | CVE-2021-22696 | |
| CVE-2021-30468 | ||
| Apache Log4j | CVE-2017-5645 | |
| CVE-2019-17571 | ||
| Apache Thrift | CVE-2019-0205 | |
| CVE-2019-0210 | ||
| CVE-2020-13949 | ||
| apk-tools | CVE-2021-30139 | |
| Bash | CVE-2019-18276 | |
| Bouncy Castle | CVE-2020-28052 | |
| Common Unix Printing System (CUPS) | CVE-2017-18190 | |
| curl | CVE-2016-8615 | |
| CVE-2016-8617 | ||
| CVE-2016-8618 | ||
| CVE-2016-8619 | ||
| CVE-2016-8621 | ||
| CVE-2016-8622 | ||
| CVE-2016-8623 | ||
| CVE-2016-8624 | ||
| CVE-2016-8625 | ||
| CVE-2016-9586 | ||
| CVE-2017-1000254 | ||
| CVE-2018-16839 | ||
| CVE-2018-16840 | ||
| CVE-2018-16842 | ||
| CVE-2018-16890 | ||
| CVE-2019-3823 | ||
| CVE-2019-5436 | ||
| CVE-2019-5481 | ||
| CVE-2019-5482 | ||
| CVE-2020-8169 | ||
| CVE-2020-8177 | ||
| curl |
CVE-2020-8231 | |
| CVE-2020-8285 | ||
| CVE-2020-8286 | ||
| Cyrus SASL | CVE-2019-19906 | |
| Data Mapper for Jackson | CVE-2019-10172 | |
| D-Bus | CVE-2019-12749 | |
| giflib -- A library for processing GIFs | CVE-2020-23922 | |
| Git | CVE-2021-21300 | |
| GLib | CVE-2018-16429 | |
| CVE-2019-12450 | ||
| CVE-2019-13012 | ||
| CVE-2019-14822 | ||
| CVE-2021-27218 | ||
| CVE-2021-27219 | ||
| GNU Binutils | CVE-2021-20294 | |
| GNU C Library | CVE-2009-5155 | |
| CVE-2015-8982 | ||
| CVE-2016-1234 | ||
| CVE-2019-9169 | ||
| CVE-2020-1751 | ||
| CVE-2020-1752 | ||
| GNU C Library | CVE-2020-29573 | |
| CVE-2020-6096 | ||
| CVE-2021-3326 | ||
| GNU cpio | CVE-2019-14866 | |
| GnuPG | CVE-2018-1000858 | |
| CVE-2019-13050 | ||
| GnuTLS | CVE-2020-24659 | |
| CVE-2021-20231 | ||
| CVE-2021-20232 | ||
| Grafana | CVE-2021-27962 | |
| CVE-2021-28148 | ||
| Jackson data formats: Binary | CVE-2020-28491 | |
| jackson-databind | CVE-2018-19360 | |
| CVE-2018-19361 | ||
| CVE-2018-19362 | ||
| CVE-2019-12086 | ||
| CVE-2019-14379 | ||
| CVE-2019-14439 | ||
| CVE-2019-14540 | ||
| CVE-2019-14892 | ||
| CVE-2019-14893 | ||
| CVE-2019-16335 | ||
| CVE-2019-16942 | ||
| CVE-2019-16943 | ||
| CVE-2019-17267 | ||
| CVE-2019-17531 | ||
| CVE-2019-20330 | ||
| CVE-2020-10672 | ||
| CVE-2020-10673 | ||
| CVE-2020-10968 | ||
| CVE-2020-10969 | ||
| CVE-2020-11111 | ||
| CVE-2020-11112 | ||
| CVE-2020-11113 | ||
| CVE-2020-11619 | ||
| CVE-2020-11620 | ||
| CVE-2020-14060 | ||
| CVE-2020-14061 | ||
| CVE-2020-14062 | ||
| CVE-2020-14195 | ||
| CVE-2020-24616 | ||
| CVE-2020-24750 | ||
| CVE-2020-25649 | ||
| CVE-2020-35490 | ||
| CVE-2020-35491 | ||
| CVE-2020-35728 | ||
| CVE-2020-36179 | ||
| CVE-2020-36180 | ||
| CVE-2020-36181 | ||
| CVE-2020-36182 | ||
| CVE-2020-36183 | ||
| CVE-2020-36184 | ||
| CVE-2020-36185 | ||
| CVE-2020-36186 | ||
| CVE-2020-36187 | ||
| CVE-2020-36188 | ||
| CVE-2020-36189 | ||
| CVE-2020-8840 | ||
| CVE-2020-9546 | ||
| CVE-2020-9547 | ||
| CVE-2020-9548 | ||
| CVE-2021-20190 | ||
| JBoss Remoting | CVE-2020-35510 | |
| Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server | CVE-2017-7656 | |
| CVE-2017-7657 | ||
| CVE-2017-7658 | ||
| CVE-2017-9735 | ||
| CVE-2018-12538 | ||
| CVE-2018-12545 | ||
| CVE-2020-27216 | ||
| CVE-2021-28165 | ||
| json-bigint | CVE-2020-8237 | |
| krb5/krb5 | CVE-2020-28196 | |
| Kubernetes Client API | CVE-2020-8570 | |
| libarchive | CVE-2017-14502 | |
| libexpat |
CVE-2016-4472 | |
| CVE-2016-5300 | ||
| CVE-2017-9233 | ||
| CVE-2018-20843 | ||
| CVE-2019-15903 | ||
| libgcrypt | CVE-2021-33560 | |
| Open SSL | CVE-2021-3711 | |
| CVE-2021-3712 |
| Product | Affected Versions | Updated Version | Link to Update |
| Dell EMC Streaming Data Platform | 1.1.x and 1.2.x | 1.3 | Link to update |
| Product | Affected Versions | Updated Version | Link to Update |
| Dell EMC Streaming Data Platform | 1.1.x and 1.2.x | 1.3 | Link to update |
| Revision | Date | Description |
| 1.0 | 2021-11-19 | Initial Release |
Streaming Data Platform
Product Security Information
19 11月 2021
2
Dell Security Advisory