メイン コンテンツに進む
  • すばやく簡単にご注文が可能
  • 注文内容の表示、配送状況をトラック
  • 会員限定の特典や割引のご利用
  • 製品リストの作成とアクセスが可能
  • 「Company Administration(会社情報の管理)」では、お使いのDell EMCのサイトや製品、製品レベルでのコンタクト先に関する情報を管理できます。

文書番号: 000193697


DSA-2021-205: Dell EMC Streaming Data Platform Security Update for Multiple Vulnerabilities

概要: Dell EMC Streaming Data Platform contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

文書の内容


影響

High

詳細

 
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-36326 Dell EMC Streaming Data Platform, versions before 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker may potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-36327 Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability.  A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice.   5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
CVE-2021-36328 Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36329 Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-36330 Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
 
Third-Party Component
 
CVEs More information
busybox CVE-2018-1000500 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2018-20679
CVE-2019-5747
CVE-2021-28831
@grpc/grpc-js CVE-2020-7768
ajv CVE-2020-15366
Apache Commons Compress CVE-2019-12402
Apache CXF CVE-2021-22696
CVE-2021-30468
Apache Log4j CVE-2017-5645
CVE-2019-17571
Apache Thrift CVE-2019-0205
CVE-2019-0210
CVE-2020-13949
apk-tools CVE-2021-30139
Bash CVE-2019-18276
Bouncy Castle CVE-2020-28052
Common Unix Printing System (CUPS) CVE-2017-18190
curl CVE-2016-8615
CVE-2016-8617
CVE-2016-8618
CVE-2016-8619
CVE-2016-8621
CVE-2016-8622
CVE-2016-8623
CVE-2016-8624
CVE-2016-8625
CVE-2016-9586
CVE-2017-1000254
CVE-2018-16839
CVE-2018-16840
CVE-2018-16842
CVE-2018-16890
CVE-2019-3823
CVE-2019-5436
CVE-2019-5481
CVE-2019-5482
CVE-2020-8169
CVE-2020-8177
curl
 
CVE-2020-8231
CVE-2020-8285
CVE-2020-8286
Cyrus SASL CVE-2019-19906
Data Mapper for Jackson CVE-2019-10172
D-Bus CVE-2019-12749
giflib -- A library for processing GIFs CVE-2020-23922
Git CVE-2021-21300
GLib CVE-2018-16429
CVE-2019-12450
CVE-2019-13012
CVE-2019-14822
CVE-2021-27218
CVE-2021-27219
GNU Binutils CVE-2021-20294
GNU C Library CVE-2009-5155
CVE-2015-8982
CVE-2016-1234
CVE-2019-9169
CVE-2020-1751
CVE-2020-1752
GNU C Library CVE-2020-29573
CVE-2020-6096
CVE-2021-3326
GNU cpio CVE-2019-14866
GnuPG CVE-2018-1000858
CVE-2019-13050
GnuTLS CVE-2020-24659
CVE-2021-20231
CVE-2021-20232
Grafana CVE-2021-27962
CVE-2021-28148
Jackson data formats: Binary CVE-2020-28491
jackson-databind CVE-2018-19360
CVE-2018-19361
CVE-2018-19362
CVE-2019-12086
CVE-2019-14379
CVE-2019-14439
CVE-2019-14540
CVE-2019-14892
CVE-2019-14893
  CVE-2019-16335
CVE-2019-16942
CVE-2019-16943
CVE-2019-17267
CVE-2019-17531
CVE-2019-20330
CVE-2020-10672
CVE-2020-10673
CVE-2020-10968
CVE-2020-10969
CVE-2020-11111
CVE-2020-11112
CVE-2020-11113
CVE-2020-11619
CVE-2020-11620
CVE-2020-14060
CVE-2020-14061
CVE-2020-14062
CVE-2020-14195
CVE-2020-24616
CVE-2020-24750
  CVE-2020-25649
CVE-2020-35490
CVE-2020-35491
CVE-2020-35728
CVE-2020-36179
CVE-2020-36180
CVE-2020-36181
CVE-2020-36182
CVE-2020-36183
CVE-2020-36184
CVE-2020-36185
CVE-2020-36186
CVE-2020-36187
CVE-2020-36188
CVE-2020-36189
CVE-2020-8840
CVE-2020-9546
CVE-2020-9547
CVE-2020-9548
CVE-2021-20190
JBoss Remoting CVE-2020-35510
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server CVE-2017-7656
CVE-2017-7657
CVE-2017-7658
CVE-2017-9735
CVE-2018-12538
CVE-2018-12545
CVE-2020-27216
CVE-2021-28165
json-bigint CVE-2020-8237
krb5/krb5 CVE-2020-28196
Kubernetes Client API CVE-2020-8570
libarchive CVE-2017-14502
libexpat
 
CVE-2016-4472
CVE-2016-5300
CVE-2017-9233
CVE-2018-20843
CVE-2019-15903
libgcrypt CVE-2021-33560
Open SSL CVE-2021-3711
CVE-2021-3712
 
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-36326 Dell EMC Streaming Data Platform, versions before 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker may potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-36327 Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability.  A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice.   5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
CVE-2021-36328 Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36329 Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-36330 Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
 
Third-Party Component
 
CVEs More information
busybox CVE-2018-1000500 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2018-20679
CVE-2019-5747
CVE-2021-28831
@grpc/grpc-js CVE-2020-7768
ajv CVE-2020-15366
Apache Commons Compress CVE-2019-12402
Apache CXF CVE-2021-22696
CVE-2021-30468
Apache Log4j CVE-2017-5645
CVE-2019-17571
Apache Thrift CVE-2019-0205
CVE-2019-0210
CVE-2020-13949
apk-tools CVE-2021-30139
Bash CVE-2019-18276
Bouncy Castle CVE-2020-28052
Common Unix Printing System (CUPS) CVE-2017-18190
curl CVE-2016-8615
CVE-2016-8617
CVE-2016-8618
CVE-2016-8619
CVE-2016-8621
CVE-2016-8622
CVE-2016-8623
CVE-2016-8624
CVE-2016-8625
CVE-2016-9586
CVE-2017-1000254
CVE-2018-16839
CVE-2018-16840
CVE-2018-16842
CVE-2018-16890
CVE-2019-3823
CVE-2019-5436
CVE-2019-5481
CVE-2019-5482
CVE-2020-8169
CVE-2020-8177
curl
 
CVE-2020-8231
CVE-2020-8285
CVE-2020-8286
Cyrus SASL CVE-2019-19906
Data Mapper for Jackson CVE-2019-10172
D-Bus CVE-2019-12749
giflib -- A library for processing GIFs CVE-2020-23922
Git CVE-2021-21300
GLib CVE-2018-16429
CVE-2019-12450
CVE-2019-13012
CVE-2019-14822
CVE-2021-27218
CVE-2021-27219
GNU Binutils CVE-2021-20294
GNU C Library CVE-2009-5155
CVE-2015-8982
CVE-2016-1234
CVE-2019-9169
CVE-2020-1751
CVE-2020-1752
GNU C Library CVE-2020-29573
CVE-2020-6096
CVE-2021-3326
GNU cpio CVE-2019-14866
GnuPG CVE-2018-1000858
CVE-2019-13050
GnuTLS CVE-2020-24659
CVE-2021-20231
CVE-2021-20232
Grafana CVE-2021-27962
CVE-2021-28148
Jackson data formats: Binary CVE-2020-28491
jackson-databind CVE-2018-19360
CVE-2018-19361
CVE-2018-19362
CVE-2019-12086
CVE-2019-14379
CVE-2019-14439
CVE-2019-14540
CVE-2019-14892
CVE-2019-14893
  CVE-2019-16335
CVE-2019-16942
CVE-2019-16943
CVE-2019-17267
CVE-2019-17531
CVE-2019-20330
CVE-2020-10672
CVE-2020-10673
CVE-2020-10968
CVE-2020-10969
CVE-2020-11111
CVE-2020-11112
CVE-2020-11113
CVE-2020-11619
CVE-2020-11620
CVE-2020-14060
CVE-2020-14061
CVE-2020-14062
CVE-2020-14195
CVE-2020-24616
CVE-2020-24750
  CVE-2020-25649
CVE-2020-35490
CVE-2020-35491
CVE-2020-35728
CVE-2020-36179
CVE-2020-36180
CVE-2020-36181
CVE-2020-36182
CVE-2020-36183
CVE-2020-36184
CVE-2020-36185
CVE-2020-36186
CVE-2020-36187
CVE-2020-36188
CVE-2020-36189
CVE-2020-8840
CVE-2020-9546
CVE-2020-9547
CVE-2020-9548
CVE-2021-20190
JBoss Remoting CVE-2020-35510
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server CVE-2017-7656
CVE-2017-7657
CVE-2017-7658
CVE-2017-9735
CVE-2018-12538
CVE-2018-12545
CVE-2020-27216
CVE-2021-28165
json-bigint CVE-2020-8237
krb5/krb5 CVE-2020-28196
Kubernetes Client API CVE-2020-8570
libarchive CVE-2017-14502
libexpat
 
CVE-2016-4472
CVE-2016-5300
CVE-2017-9233
CVE-2018-20843
CVE-2019-15903
libgcrypt CVE-2021-33560
Open SSL CVE-2021-3711
CVE-2021-3712
デル・テクノロジーズでは、すべてのお客様に対して、CVSSベース スコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

Product Affected Versions Updated Version Link to Update
Dell EMC Streaming Data Platform 1.1.x and 1.2.x 1.3 Link to update
 
Product Affected Versions Updated Version Link to Update
Dell EMC Streaming Data Platform 1.1.x and 1.2.x 1.3 Link to update
 

変更履歴

RevisionDateDescription
1.02021-11-19Initial Release

関連情報


文書のプロパティ


影響を受ける製品

Streaming Data Platform

製品

Product Security Information

最後に公開された日付

19 11月 2021

バージョン

2

文書の種類

Dell Security Advisory