PT-2021-14598 · Dell Emc · Dell Emc Xtremio
Tomasz Stachowicz · Published 2021-05-21 · Updated 2021-05-28 · CVE-2021-21549
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dell EMC XtremIO versions prior to 6.3.3-8
Description
XMS contains a Cross-Site Request Forgery (CSRF) vulnerability. A non-privileged attacker could potentially exploit it by tricking a privileged application user into sending state-changing requests to the vulnerable application, causing unintended server operations.
Recommendations
For versions prior to 6.3.3-8, update to version 6.3.3-8 or later to resolve the issue. As a temporary workaround, consider implementing additional validation checks on requests to prevent unintended server operations. Restrict access to the XMS interface to minimize the risk of exploitation.
Fix
CSRF
Affected Products
Dell Emc Xtremio