From d44ffdad16b121be3dd67f984620e00da79277a4 Mon Sep 17 00:00:00 2001
From: DellEMCProductSecurity
Date: Tue, 2 Mar 2021 10:54:08 -0500
Subject: [PATCH] Added 2 CVEs
---
 2021/21xxx/CVE-2021-21513.json | 71 +++++++++++++++++++++++++++++-----
 2021/21xxx/CVE-2021-21514.json | 71 +++++++++++++++++++++++++++++-----
 2 files changed, 124 insertions(+), 18 deletions(-)
diff --git a/2021/21xxx/CVE-2021-21513.json b/2021/21xxx/CVE-2021-21513.json
index 60163c645b2..4bc5b416d47 100644
--- a/2021/21xxx/CVE-2021-21513.json
+++ b/2021/21xxx/CVE-2021-21513.json
@@ -1,17 +1,70 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-21513",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2021-03-01",
+ "ID": "CVE-2021-21513",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dell Open Manage Server Administrator",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "9.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "lang": "eng",
+ "value": "Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. \r\n\r\nA remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 8.6,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287: Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities"
 }
 ]
 }
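Review bot: The `affects` data and the description disagree on scope: `"version_affected": "<="` with `"version_value": "9.5"` marks every release up to 9.5 as affected, while the description names only version 9.5 on Microsoft Windows with DWS enabled. If earlier releases are affected, the description should say "versions 9.5 and prior" as the CVE-2021-21514 record does; otherwise use `"version_affected": "="`. The `product_name` value `"Dell Open Manage Server Administrator"` is also spelled differently from the "Dell EMC OpenManage Server Administrator" in the description (the CVE-2021-21514 hunk has the same value), which can break product matching in scanners that key on this string. The description states that an attacker can gain admin access, yet the vector ends in `I:L/A:L`; it is worth confirming against the advisory whether `I:H/A:H` was intended or the wording overstates the impact.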
diff --git a/2021/21xxx/CVE-2021-21514.json b/2021/21xxx/CVE-2021-21514.json
index da23ac21dea..6d88fe20f54 100644
--- a/2021/21xxx/CVE-2021-21514.json
+++ b/2021/21xxx/CVE-2021-21514.json
@@ -1,17 +1,70 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-21514",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2021-03-01",
+ "ID": "CVE-2021-21514",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dell Open Manage Server Administrator",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "9.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "lang": "eng",
+ "value": "Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 4.9,
+ "baseSeverity": "Medium",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities"
 }
 ]
 }
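Review bot: `"baseSeverity": "Medium"` is written in mixed case, while the CVSS v3.1 JSON schema lists its severity values in upper case, so a consumer that validates or filters on that enum may reject or miss this record; `"baseSeverity": "MEDIUM"` avoids that. The CVE-2021-21513 hunk has the same pattern with `"High"`. The `cvss` object carries only `baseScore`, `baseSeverity`, `vectorString` and `version`, so the admin-privilege precondition (`PR:H`) that keeps this path traversal at 4.9 is visible to tooling only by parsing the vector string.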