Details of VAR-202111-1454

ID

VAR-202111-1454

CVE

CVE-2021-36332

TITLE

Dell EMC CloudLink Open redirect vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015443

DESCRIPTION

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites. Dell EMC CloudLink Exists in an open redirect vulnerability.Information may be obtained and information may be tampered with

Trust: 1.71

sources: NVD: CVE-2021-36332 // JVNDB: JVNDB-2021-015443 // VULHUB: VHN-398216

AFFECTED PRODUCTS

vendor:	dell	model:	emc cloud link	scope:	lt	version:	7.1.1	Trust: 1.0
vendor:	デル	model:	cloudlink	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	cloudlink	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015443 // NVD: CVE-2021-36332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36332
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2021-36332
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-36332
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202111-1990
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-398216
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-36332
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398216
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36332
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2021-36332
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36332
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398216 // JVNDB: JVNDB-2021-015443 // CNNVD: CNNVD-202111-1990 // NVD: CVE-2021-36332 // NVD: CVE-2021-36332

PROBLEMTYPE DATA

problemtype:	CWE-601	Trust: 1.1
problemtype:	Open redirect (CWE-601) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-398216 // JVNDB: JVNDB-2021-015443 // NVD: CVE-2021-36332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1990

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202111-1990

PATCH

title:	DSA-2021-194	url:	https://www.dell.com/support/kbdoc/ja-jp/000193031/https-dellservices-lightning-force-com-one-one-app	Trust: 0.8
title:	Dell EMC CloudLink Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171954	Trust: 0.6

sources: JVNDB: JVNDB-2021-015443 // CNNVD: CNNVD-202111-1990

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36332	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-015443	Trust: 0.8
db:	CNNVD	id:	CNNVD-202111-1990	Trust: 0.6
db:	VULHUB	id:	VHN-398216	Trust: 0.1

sources: VULHUB: VHN-398216 // JVNDB: JVNDB-2021-015443 // CNNVD: CNNVD-202111-1990 // NVD: CVE-2021-36332

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-36332	Trust: 1.4
url:	https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app	Trust: 1.1
url:	https-dellservices-lightning-force-com-one-one-app	Trust: 0.6
url:	https://www.dell.com/support/kbdoc/en-us/000193031/	Trust: 0.6

sources: VULHUB: VHN-398216 // JVNDB: JVNDB-2021-015443 // CNNVD: CNNVD-202111-1990 // NVD: CVE-2021-36332

SOURCES

db:	VULHUB	id:	VHN-398216
db:	JVNDB	id:	JVNDB-2021-015443
db:	CNNVD	id:	CNNVD-202111-1990
db:	NVD	id:	CVE-2021-36332

LAST UPDATE DATE

2024-08-14T15:37:50.970000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398216	date:	2021-11-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-015443	date:	2022-11-21T06:48:00
db:	CNNVD	id:	CNNVD-202111-1990	date:	2021-11-29T00:00:00
db:	NVD	id:	CVE-2021-36332	date:	2021-11-27T03:54:59.330

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398216	date:	2021-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-015443	date:	2022-11-21T00:00:00
db:	CNNVD	id:	CNNVD-202111-1990	date:	2021-11-23T00:00:00
db:	NVD	id:	CVE-2021-36332	date:	2021-11-23T20:15:11.230