PT-2021-14580 · Dell · Dell Emc Openmanage Enterprise-Modular

Thorsten Tüllmann

Published

2021-04-30

Updated

2021-05-10

CVE-2021-21530

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00

Description The issue allows an authenticated malicious user with low privileges to potentially exploit a security bypass, leading to information disclosure and elevation of privilege by escaping the restricted environment and accessing sensitive system information.

Recommendations For versions prior to 1.30.00, update to version 1.30.00 or later to resolve the issue.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-21530

Affected Products

Dell Emc Openmanage Enterprise-Modular

PT-2021-14580 · Dell · Dell Emc Openmanage Enterprise-Modular

CVE-2021-21530

Weakness Enumeration

Related Identifiers

Affected Products

References · 3