Details of VAR-202202-1671

ID

VAR-202202-1671

CVE

CVE-2021-43590

TITLE

Dell's Vrealize_operations for enterprise storage analytics Vulnerability in plaintext storage of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-018688

DESCRIPTION

Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account

Trust: 1.71

sources: NVD: CVE-2021-43590 // JVNDB: JVNDB-2021-018688 // VULHUB: VHN-406228

AFFECTED PRODUCTS

vendor:	dell	model:	enterprise storage analytics	scope:	gte	version:	4.0.1	Trust: 1.0
vendor:	dell	model:	enterprise storage analytics	scope:	lte	version:	6.2.1	Trust: 1.0
vendor:	デル	model:	enterprise storage analytics	scope:	eq	version:	4.0.1 to 6.2.1	Trust: 0.8
vendor:	デル	model:	enterprise storage analytics	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	enterprise storage analytics	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-018688 // NVD: CVE-2021-43590

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-43590
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2021-43590
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-43590
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-1598
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-406228
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-43590
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-406228
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-43590
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	5.2
version:	3.1
Trust: 2.0
NVD:	CVE-2021-43590
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-406228 // JVNDB: JVNDB-2021-018688 // CNNVD: CNNVD-202202-1598 // NVD: CVE-2021-43590 // NVD: CVE-2021-43590

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.1
problemtype:	CWE-256	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-406228 // JVNDB: JVNDB-2021-018688 // NVD: CVE-2021-43590

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-1598

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-1598

PATCH

title:

Dell Emc Enterprise Storage Analytics For Vrealize Operations Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184878

Trust: 0.6

sources: CNNVD: CNNVD-202202-1598

EXTERNAL IDS

db:	NVD	id:	CVE-2021-43590	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-018688	Trust: 0.8
db:	CS-HELP	id:	SB2022021805	Trust: 0.6
db:	CNNVD	id:	CNNVD-202202-1598	Trust: 0.6
db:	VULHUB	id:	VHN-406228	Trust: 0.1

sources: VULHUB: VHN-406228 // JVNDB: JVNDB-2021-018688 // CNNVD: CNNVD-202202-1598 // NVD: CVE-2021-43590

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000196329/dsa-2021	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43590	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-43590/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021805	Trust: 0.6

sources: VULHUB: VHN-406228 // JVNDB: JVNDB-2021-018688 // CNNVD: CNNVD-202202-1598 // NVD: CVE-2021-43590

SOURCES

db:	VULHUB	id:	VHN-406228
db:	JVNDB	id:	JVNDB-2021-018688
db:	CNNVD	id:	CNNVD-202202-1598
db:	NVD	id:	CVE-2021-43590

LAST UPDATE DATE

2024-11-23T22:57:47.656000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-406228	date:	2022-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-018688	date:	2023-07-05T08:11:00
db:	CNNVD	id:	CNNVD-202202-1598	date:	2022-03-14T00:00:00
db:	NVD	id:	CVE-2021-43590	date:	2024-11-21T06:29:30.060

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-406228	date:	2022-03-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-018688	date:	2023-07-05T00:00:00
db:	CNNVD	id:	CNNVD-202202-1598	date:	2022-02-18T00:00:00
db:	NVD	id:	CVE-2021-43590	date:	2022-03-04T21:15:09.450