Sign-up

ID

VAR-202103-0638


CVE

CVE-2021-21514


TITLE

Dell EMC OpenManage Server Administrator  Traversal Vulnerability in Japan

Trust: 0.8

sources: JVNDB: JVNDB-2021-003733

DESCRIPTION

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. The solution supports online diagnosis, system operation detection, equipment management, etc

Trust: 1.8

sources: NVD: CVE-2021-21514 // JVNDB: JVNDB-2021-003733 // VULHUB: VHN-379918 // VULMON: CVE-2021-21514

AFFECTED PRODUCTS

vendor:dellmodel:openmanage server administratorscope:lteversion:9.5.0

Trust: 1.0

vendor:デルmodel:openmanage server administratorscope:eqversion: -

Trust: 0.8

vendor:デルmodel:openmanage server administratorscope:lteversion:9.5 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2021-003733 // NVD: CVE-2021-21514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21514
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2021-21514
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-21514
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202103-140
value: MEDIUM

Trust: 0.6

VULHUB: VHN-379918
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-21514
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21514
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-379918
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21514
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-003733
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-379918 // VULMON: CVE-2021-21514 // JVNDB: JVNDB-2021-003733 // CNNVD: CNNVD-202103-140 // NVD: CVE-2021-21514 // NVD: CVE-2021-21514

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:Path traversal (CWE-22) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-379918 // JVNDB: JVNDB-2021-003733 // NVD: CVE-2021-21514

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-140

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202103-140

PATCH

title:DSA-2021-040url:https://www.dell.com/support/kbdoc/ja-jp/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities

Trust: 0.8

title:Dell EMC OpenManage Server Administrator Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143174

Trust: 0.6

title:AWS-CVEsurl:https://github.com/sunzu94/AWS-CVEs

Trust: 0.1

sources: VULMON: CVE-2021-21514 // JVNDB: JVNDB-2021-003733 // CNNVD: CNNVD-202103-140

EXTERNAL IDS

db:NVDid:CVE-2021-21514

Trust: 2.6

db:JVNDBid:JVNDB-2021-003733

Trust: 0.8

db:CNNVDid:CNNVD-202103-140

Trust: 0.6

db:VULHUBid:VHN-379918

Trust: 0.1

db:VULMONid:CVE-2021-21514

Trust: 0.1

sources: VULHUB: VHN-379918 // VULMON: CVE-2021-21514 // JVNDB: JVNDB-2021-003733 // CNNVD: CNNVD-202103-140 // NVD: CVE-2021-21514

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-21514

Trust: 1.4

url:https://vigilance.fr/vulnerability/dell-emc-openmanage-server-administrator-two-vulnerabilities-34728

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/sunzu94/aws-cves

Trust: 0.1

sources: VULHUB: VHN-379918 // VULMON: CVE-2021-21514 // JVNDB: JVNDB-2021-003733 // CNNVD: CNNVD-202103-140 // NVD: CVE-2021-21514

SOURCES

db:VULHUBid:VHN-379918
db:VULMONid:CVE-2021-21514
db:JVNDBid:JVNDB-2021-003733
db:CNNVDid:CNNVD-202103-140
db:NVDid:CVE-2021-21514

LAST UPDATE DATE

2024-11-23T23:01:04.244000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-379918date:2021-03-09T00:00:00
db:VULMONid:CVE-2021-21514date:2021-03-09T00:00:00
db:JVNDBid:JVNDB-2021-003733date:2021-11-04T02:20:00
db:CNNVDid:CNNVD-202103-140date:2021-03-15T00:00:00
db:NVDid:CVE-2021-21514date:2024-11-21T05:48:30.713

SOURCES RELEASE DATE

db:VULHUBid:VHN-379918date:2021-03-02T00:00:00
db:VULMONid:CVE-2021-21514date:2021-03-02T00:00:00
db:JVNDBid:JVNDB-2021-003733date:2021-11-04T00:00:00
db:CNNVDid:CNNVD-202103-140date:2021-03-02T00:00:00
db:NVDid:CVE-2021-21514date:2021-03-02T16:15:12.987