admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-215xx/CVE-2021-21524.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

144 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-21524",
"sourceIdentifier": "security_alert@emc.com",
"published": "2021-04-12T20:15:11.680",
"lastModified": "2021-04-22T14:43:35.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers."
},
{
"lang": "es",
"value": "Dell SRM versiones anteriores a 4.5.0.1 y Dell SMR versiones anteriores a 4.5.0.1, contienen una vulnerabilidad de Deserializaci\u00f3n No Confiable. Un atacante remoto no autenticado podr\u00eda potencialmente explotar esta vulnerabilidad, conllevando una ejecuci\u00f3n de c\u00f3digo arbitraria privilegiada en la aplicaci\u00f3n vulnerable. La gravedad es Cr\u00edtica, ya que esto puede conllevar a comprometer el sistema por parte de atacantes no autenticados"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:storage_monitoring_and_reporting:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.0.1",
"matchCriteriaId": "21994916-AA81-4287-AF20-6849D53D5396"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.0.1",
"matchCriteriaId": "A1CA2142-2C18-4FF6-8223-39ED31AF7787"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000184753/dsa-2021-054-dell-emc-srm-and-dell-emc-storage-monitoring-and-reporting-smr-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink