Impact
Medium
Gegevens
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2021-21589 |
Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user may potentially exploit this vulnerability to escalate privileges. |
5.7 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2021-21590 |
Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
6.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-21591 |
Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
6.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component |
CVEs |
More Information |
| apache2 |
CVE-2019-9517 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| apache2-mod_jk |
CVE-2018-11759 |
| bind |
CVE-2020-8625 |
| CVE-2019-6465 |
| CVE-2018-5745 |
| CVE-2018-5743 |
| CVE-2018-5740 |
| Dell BSAFE™ Micro Edition Suite |
CVE-2020-1968 |
| cpio |
CVE-2019-14866 |
| cronie |
CVE-2019-9705 |
| CVE-2019-9704 |
| curl |
CVE-2020-8177 |
| dnsmasq |
CVE-2019-14834 |
| CVE-2017-15107 |
| docker |
CVE-2019-13139 |
| e2fsprogs |
CVE-2019-5188 |
| elfutils |
CVE-2019-7665 |
| CVE-2019-7150 |
| CVE-2018-18521 |
| CVE-2018-18520 |
| CVE-2018-18310 |
| CVE-2018-16403 |
| CVE-2018-16062 |
| CVE-2017-7613 |
| CVE-2017-7612 |
| CVE-2017-7611 |
| CVE-2017-7610 |
| CVE-2017-7608 |
| CVE-2017-7607 |
| expat |
CVE-2019-15903 |
| CVE-2018-20843 |
| gdb |
CVE-2019-1010180 |
| gnutls |
CVE-2018-16868 |
| gpg2 |
CVE-2019-13050 |
| ipmitool |
CVE-2020-5208 |
| Javascript library (Bootstrap) |
CVE-2019-8331 |
| Javascript library (jQuery) |
CVE-2019-11358 |
| CVE-2015-9251 |
| Javascript library (Sencha Ext) |
CVE-2018-8046 |
| krb5 |
CVE-2018-5730 |
| CVE-2018-5729 |
| libfreetype6 |
CVE-2020-15999 |
| libfuse2 |
CVE-2018-10906 |
| libmspack0 |
CVE-2018-18585 |
| CVE-2018-18584 |
| libproxy |
CVE-2020-26154 |
| CVE-2020-25219 |
| libqb |
CVE-2019-12779 |
| libseccomp |
CVE-2019-9893 |
| libtasn1 |
CVE-2018-1000654 |
| libX11 |
CVE-2020-14344 |
| CVE-2018-14600 |
| CVE-2018-14599 |
| CVE-2018-14598 |
| libxml2 |
CVE-2018-14567 |
| CVE-2018-14404 |
| CVE-2018-9251 |
| libxslt |
CVE-2019-11068 |
| Mesa |
CVE-2019-5068 |
| mozilla-nspr, mozilla-nss |
CVE-2019-17006 |
| CVE-2019-11745 |
| CVE-2018-18508 |
| ncurses |
CVE-2019-17595 |
| CVE-2019-17594 |
| openldap2 |
CVE-2020-25692 |
| CVE-2019-13565 |
| CVE-2019-13057 |
| CVE-2017-17740 |
| openssl |
CVE-2020-1971 |
| CVE-2020-1968 |
| perl |
CVE-2020-12723 |
| CVE-2020-10878 |
| CVE-2020-10543 |
| CVE-2018-18312 |
| perl-DBI |
CVE-2019-20919 |
| permissions |
CVE-2019-3690 |
| CVE-2019-3688 |
| postgresql10, libpq5 |
CVE-2020-1720 |
| python |
CVE-2020-26116 |
| CVE-2019-20907 |
| CVE-2008-3144 |
| CVE-2008-3143 |
| CVE-2008-3142 |
| screen |
CVE-2021-26937 |
| sudo |
CVE-2021-23239 |
| CVE-2019-18634 |
| systemd |
CVE-2019-20386 |
| CVE-2019-3842 |
| CVE-2018-15688 |
| tar |
CVE-2019-9923 |
| CVE-2018-20482 |
| tiff |
CVE-2019-7663 |
| CVE-2019-6128 |
| CVE-2018-19210 |
| CVE-2018-17000 |
| unzip |
CVE-2018-18384 |
| vim |
CVE-2019-20807 |
| wicked |
CVE-2020-7217 |
| CVE-2020-7216 |
| CVE-2019-18903 |
| CVE-2019-18902 |
| xerces-c |
CVE-2017-12627 |
| zmq |
CVE-2020-15166 |
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2021-21589 |
Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user may potentially exploit this vulnerability to escalate privileges. |
5.7 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2021-21590 |
Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
6.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-21591 |
Dell Unity, Unity XT, and UnityVSA versions before 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
6.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component |
CVEs |
More Information |
| apache2 |
CVE-2019-9517 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| apache2-mod_jk |
CVE-2018-11759 |
| bind |
CVE-2020-8625 |
| CVE-2019-6465 |
| CVE-2018-5745 |
| CVE-2018-5743 |
| CVE-2018-5740 |
| Dell BSAFE™ Micro Edition Suite |
CVE-2020-1968 |
| cpio |
CVE-2019-14866 |
| cronie |
CVE-2019-9705 |
| CVE-2019-9704 |
| curl |
CVE-2020-8177 |
| dnsmasq |
CVE-2019-14834 |
| CVE-2017-15107 |
| docker |
CVE-2019-13139 |
| e2fsprogs |
CVE-2019-5188 |
| elfutils |
CVE-2019-7665 |
| CVE-2019-7150 |
| CVE-2018-18521 |
| CVE-2018-18520 |
| CVE-2018-18310 |
| CVE-2018-16403 |
| CVE-2018-16062 |
| CVE-2017-7613 |
| CVE-2017-7612 |
| CVE-2017-7611 |
| CVE-2017-7610 |
| CVE-2017-7608 |
| CVE-2017-7607 |
| expat |
CVE-2019-15903 |
| CVE-2018-20843 |
| gdb |
CVE-2019-1010180 |
| gnutls |
CVE-2018-16868 |
| gpg2 |
CVE-2019-13050 |
| ipmitool |
CVE-2020-5208 |
| Javascript library (Bootstrap) |
CVE-2019-8331 |
| Javascript library (jQuery) |
CVE-2019-11358 |
| CVE-2015-9251 |
| Javascript library (Sencha Ext) |
CVE-2018-8046 |
| krb5 |
CVE-2018-5730 |
| CVE-2018-5729 |
| libfreetype6 |
CVE-2020-15999 |
| libfuse2 |
CVE-2018-10906 |
| libmspack0 |
CVE-2018-18585 |
| CVE-2018-18584 |
| libproxy |
CVE-2020-26154 |
| CVE-2020-25219 |
| libqb |
CVE-2019-12779 |
| libseccomp |
CVE-2019-9893 |
| libtasn1 |
CVE-2018-1000654 |
| libX11 |
CVE-2020-14344 |
| CVE-2018-14600 |
| CVE-2018-14599 |
| CVE-2018-14598 |
| libxml2 |
CVE-2018-14567 |
| CVE-2018-14404 |
| CVE-2018-9251 |
| libxslt |
CVE-2019-11068 |
| Mesa |
CVE-2019-5068 |
| mozilla-nspr, mozilla-nss |
CVE-2019-17006 |
| CVE-2019-11745 |
| CVE-2018-18508 |
| ncurses |
CVE-2019-17595 |
| CVE-2019-17594 |
| openldap2 |
CVE-2020-25692 |
| CVE-2019-13565 |
| CVE-2019-13057 |
| CVE-2017-17740 |
| openssl |
CVE-2020-1971 |
| CVE-2020-1968 |
| perl |
CVE-2020-12723 |
| CVE-2020-10878 |
| CVE-2020-10543 |
| CVE-2018-18312 |
| perl-DBI |
CVE-2019-20919 |
| permissions |
CVE-2019-3690 |
| CVE-2019-3688 |
| postgresql10, libpq5 |
CVE-2020-1720 |
| python |
CVE-2020-26116 |
| CVE-2019-20907 |
| CVE-2008-3144 |
| CVE-2008-3143 |
| CVE-2008-3142 |
| screen |
CVE-2021-26937 |
| sudo |
CVE-2021-23239 |
| CVE-2019-18634 |
| systemd |
CVE-2019-20386 |
| CVE-2019-3842 |
| CVE-2018-15688 |
| tar |
CVE-2019-9923 |
| CVE-2018-20482 |
| tiff |
CVE-2019-7663 |
| CVE-2019-6128 |
| CVE-2018-19210 |
| CVE-2018-17000 |
| unzip |
CVE-2018-18384 |
| vim |
CVE-2019-20807 |
| wicked |
CVE-2020-7217 |
| CVE-2020-7216 |
| CVE-2019-18903 |
| CVE-2019-18902 |
| xerces-c |
CVE-2017-12627 |
| zmq |
CVE-2020-15166 |
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.
Getroffen producten en herstel
Revisiegeschiedenis
| Revision | Date | More Information |
| 1.0 | 2021-07-01 | Initial Release |
Verwante informatie
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide