Details of VAR-202108-0401

ID

VAR-202108-0401

CVE

CVE-2021-21564

TITLE

Dell OpenManage Enterprise Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-009517

DESCRIPTION

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. Dell OpenManage Enterprise Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.8

sources: NVD: CVE-2021-21564 // JVNDB: JVNDB-2021-009517 // VULHUB: VHN-379968 // VULMON: CVE-2021-21564

AFFECTED PRODUCTS

vendor:	dell	model:	openmanage enterprise	scope:	lt	version:	3.6.1	Trust: 1.0
vendor:	デル	model:	dell openmanage enterprise	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	dell openmanage enterprise	scope:	eq	version:	3.6.1	Trust: 0.8

sources: JVNDB: JVNDB-2021-009517 // NVD: CVE-2021-21564

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21564
value:	CRITICAL
Trust: 1.0
security_alert@emc.com:	CVE-2021-21564
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-21564
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202107-1500
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-379968
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-21564
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-21564
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-379968
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21564
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-009517
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-379968 // VULMON: CVE-2021-21564 // JVNDB: JVNDB-2021-009517 // CNNVD: CNNVD-202107-1500 // NVD: CVE-2021-21564 // NVD: CVE-2021-21564

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	CWE-200	Trust: 1.0
problemtype:	Improper authentication (CWE-287) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-379968 // JVNDB: JVNDB-2021-009517 // NVD: CVE-2021-21564

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1500

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202107-1500

PATCH

title:	DSA-2021-113	url:	https://www.dell.com/support/kbdoc/000189673	Trust: 0.8
title:	Dell OpenManage Enterprise Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159154	Trust: 0.6

sources: JVNDB: JVNDB-2021-009517 // CNNVD: CNNVD-202107-1500

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21564	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-009517	Trust: 0.8
db:	CNNVD	id:	CNNVD-202107-1500	Trust: 0.6
db:	VULHUB	id:	VHN-379968	Trust: 0.1
db:	VULMON	id:	CVE-2021-21564	Trust: 0.1

sources: VULHUB: VHN-379968 // VULMON: CVE-2021-21564 // JVNDB: JVNDB-2021-009517 // CNNVD: CNNVD-202107-1500 // NVD: CVE-2021-21564

REFERENCES

url:	https://www.dell.com/support/kbdoc/000189673	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21564	Trust: 0.8
url:	https://vigilance.fr/vulnerability/dell-openmanage-enterprise-four-vulnerabilities-35926	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-379968 // VULMON: CVE-2021-21564 // JVNDB: JVNDB-2021-009517 // CNNVD: CNNVD-202107-1500 // NVD: CVE-2021-21564

SOURCES

db:	VULHUB	id:	VHN-379968
db:	VULMON	id:	CVE-2021-21564
db:	JVNDB	id:	JVNDB-2021-009517
db:	CNNVD	id:	CNNVD-202107-1500
db:	NVD	id:	CVE-2021-21564

LAST UPDATE DATE

2024-08-14T15:06:46.389000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-379968	date:	2022-10-25T00:00:00
db:	VULMON	id:	CVE-2021-21564	date:	2021-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-009517	date:	2022-05-02T09:16:00
db:	CNNVD	id:	CNNVD-202107-1500	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2021-21564	date:	2022-10-25T16:03:45.067

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-379968	date:	2021-08-09T00:00:00
db:	VULMON	id:	CVE-2021-21564	date:	2021-08-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-009517	date:	2022-05-02T00:00:00
db:	CNNVD	id:	CNNVD-202107-1500	date:	2021-07-20T00:00:00
db:	NVD	id:	CVE-2021-21564	date:	2021-08-09T21:15:07.713