PT-2021-14626 · Dell · Dell Emc Idrac8+1

Jameel Nabbo · Published 2021-08-03 · Updated 2021-08-09 · CVE-2021-21580

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Dell EMC iDRAC8 versions prior to 2.80.80.80
Dell EMC iDRAC9 versions prior to 5.00.00.00

Description

The issue is a content spoofing and text injection vulnerability: a malicious URL can inject text so that the application presents a customized message. This can lead to phishing attacks in which users believe the message is legitimate.

Recommendations

For Dell EMC iDRAC8 versions prior to 2.80.80.80, update to version 2.80.80.80 or later. For Dell EMC iDRAC9 versions prior to 5.00.00.00, update to version 5.00.00.00 or later. As a temporary workaround, consider restricting access to the application to minimize the risk of exploitation. Until the issue is resolved, avoid opening malicious URLs that point to the application.

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2021-21580

Affected Products

Dell Emc Idrac8
Dell Emc Idrac9