Details of VAR-202104-0674

ID

VAR-202104-0674

CVE

CVE-2021-21533

TITLE

Wyse Management Suite Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-005190

DESCRIPTION

Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details. Wyse Management Suite Is vulnerable to input validation.Denial of service (DoS) It may be put into a state

Trust: 1.8

sources: NVD: CVE-2021-21533 // JVNDB: JVNDB-2021-005190 // VULHUB: VHN-379937 // VULMON: CVE-2021-21533

AFFECTED PRODUCTS

vendor:	dell	model:	wyse management suite	scope:	lt	version:	3.2	Trust: 1.0
vendor:	デル	model:	dell wyse management suite	scope:	lte	version:	3.2 until	Trust: 0.8
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-005190 // NVD: CVE-2021-21533

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21533
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2021-21533
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-21533
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-072
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-379937
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-21533
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21533
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-379937
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21533
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-005190
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-379937 // VULMON: CVE-2021-21533 // JVNDB: JVNDB-2021-005190 // CNNVD: CNNVD-202104-072 // NVD: CVE-2021-21533 // NVD: CVE-2021-21533

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-379937 // JVNDB: JVNDB-2021-005190 // NVD: CVE-2021-21533

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-072

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202104-072

PATCH

title:	DSA-2021-070	url:	https://www.dell.com/support/kbdoc/ja-jp/000184666/dsa-2021-070-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	Wyse Management Suite Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146619	Trust: 0.6

sources: JVNDB: JVNDB-2021-005190 // CNNVD: CNNVD-202104-072

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21533	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-005190	Trust: 0.8
db:	CNNVD	id:	CNNVD-202104-072	Trust: 0.6
db:	VULHUB	id:	VHN-379937	Trust: 0.1
db:	VULMON	id:	CVE-2021-21533	Trust: 0.1

sources: VULHUB: VHN-379937 // VULMON: CVE-2021-21533 // JVNDB: JVNDB-2021-005190 // CNNVD: CNNVD-202104-072 // NVD: CVE-2021-21533

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000184666/dsa-2021-070-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21533	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/199351	Trust: 0.1

sources: VULHUB: VHN-379937 // VULMON: CVE-2021-21533 // JVNDB: JVNDB-2021-005190 // CNNVD: CNNVD-202104-072 // NVD: CVE-2021-21533

SOURCES

db:	VULHUB	id:	VHN-379937
db:	VULMON	id:	CVE-2021-21533
db:	JVNDB	id:	JVNDB-2021-005190
db:	CNNVD	id:	CNNVD-202104-072
db:	NVD	id:	CVE-2021-21533

LAST UPDATE DATE

2024-11-23T22:37:02.557000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-379937	date:	2021-04-08T00:00:00
db:	VULMON	id:	CVE-2021-21533	date:	2021-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-005190	date:	2021-12-09T06:17:00
db:	CNNVD	id:	CNNVD-202104-072	date:	2021-04-09T00:00:00
db:	NVD	id:	CVE-2021-21533	date:	2024-11-21T05:48:32.403

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-379937	date:	2021-04-02T00:00:00
db:	VULMON	id:	CVE-2021-21533	date:	2021-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-005190	date:	2021-12-09T00:00:00
db:	CNNVD	id:	CNNVD-202104-072	date:	2021-04-02T00:00:00
db:	NVD	id:	CVE-2021-21533	date:	2021-04-02T22:15:13.507