Ga naar hoofdinhoud
  • Snel en eenvoudig bestellen
  • Bestellingen en de verzendstatus bekijken
  • Een lijst met producten maken en openen

DSA-2021-113: Dell OpenManage Enterprise and Dell OpenManage Enterprise-Modular Security Update for Multiple Vulnerabilities

Samenvatting: Dell OpenManage Enterprise and Dell OpenManage Enterprise-Modular remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Dit artikel is van toepassing op Dit artikel is niet van toepassing op Dit artikel is niet gebonden aan een specifiek product. Niet alle productversies worden in dit artikel vermeld.

Impact

Critical

Gegevens

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21564 Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21584 Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials. 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-21585 Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-21596 Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges. 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21564 Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21584 Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials. 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-21585 Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-21596 Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges. 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2021-21564 Dell OpenManage Enterprise Versions prior to 3.6.1 3.6.1 KB article 175879 :Support for Dell EMC OpenManage Enterprise
CVE-2021-21584 Dell OpenManage Enterprise Version 3.5 only 3.6.1 KB article 175879: Support for Dell EMC OpenManage Enterprise
Dell OpenManage Enterprise-Modular Version 1.30.00 1.30.10 OpenManage Enterprise Modular v1.30.10 | Driver Details | Dell US
CVE-2021-21585 Dell OpenManage Enterprise Versions prior to 3.6.1 3.6.1 KB article 175879: Support for Dell EMC OpenManage Enterprise
CVE-2021-21596 Dell OpenManage Enterprise Versions 3.4 through 3.6.1 3.6.2 https://dl.dell.com/openmanage_enterprise/3.6.2/
Dell OpenManage Enterprise-Modular Versions 1.20.00 through 1.30.00 1.30.10 OpenManage Enterprise Modular v1.30.10 | Driver Details | Dell US

Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available. Dell Technologies recommends updating to the latest versions at the earliest opportunity.
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2021-21564 Dell OpenManage Enterprise Versions prior to 3.6.1 3.6.1 KB article 175879 :Support for Dell EMC OpenManage Enterprise
CVE-2021-21584 Dell OpenManage Enterprise Version 3.5 only 3.6.1 KB article 175879: Support for Dell EMC OpenManage Enterprise
Dell OpenManage Enterprise-Modular Version 1.30.00 1.30.10 OpenManage Enterprise Modular v1.30.10 | Driver Details | Dell US
CVE-2021-21585 Dell OpenManage Enterprise Versions prior to 3.6.1 3.6.1 KB article 175879: Support for Dell EMC OpenManage Enterprise
CVE-2021-21596 Dell OpenManage Enterprise Versions 3.4 through 3.6.1 3.6.2 https://dl.dell.com/openmanage_enterprise/3.6.2/
Dell OpenManage Enterprise-Modular Versions 1.20.00 through 1.30.00 1.30.10 OpenManage Enterprise Modular v1.30.10 | Driver Details | Dell US

Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available. Dell Technologies recommends updating to the latest versions at the earliest opportunity.

Revisiegeschiedenis

RevisionDateDescription
1.02021-07-19Initial release

Bevestigingen

CVE-2021-21596: Dell Technologies would like to thank Pierre Kim and Alexandre Torres for reporting this issue.

Verwante informatie

Getroffen producten

Dell EMC OpenManage Enterprise, Dell OpenManage Enterprise-Modular, Product Security Information
Artikeleigenschappen
Artikelnummer: 000189673
Artikeltype: Dell Security Advisory
Laatst aangepast: 19 jul. 2021
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.