PT-2023-12037 · Dell Emc · Dell Emc Unisphere For Vmax Virtual Appliance+2

Thorsten Tüllmann · Published 2023-03-17 · Updated 2023-03-24 · CVE-2021-21548

CVSS v3.1: 7.4 (High)

Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.27
Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.27
PowerMax OS Release 5978

Description

The issue is an improper certificate validation, which could allow an unauthenticated remote attacker to carry out a man-in-the-middle attack. By supplying a crafted certificate, the attacker can intercept the victim's traffic and view or modify the victim's data in transit.

Recommendations

For Dell EMC Unisphere for PowerMax versions prior to 9.1.0.27, update to version 9.1.0.27 or later.
For Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.27, update to version 9.1.0.27 or later.
For PowerMax OS Release 5978, update to a release that includes the fix for this issue.

As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to detect and prevent man-in-the-middle attacks until a patch is available.

Fix

Improper Certificate Validation

Weakness Enumeration

Related identifiers

CVE-2021-21548

Affected products

Dell Emc Unisphere For Powermax
Dell Emc Unisphere For Vmax Virtual Appliance
Powermax Os