PT-2021-14628 · Dell · Dell Openmanage Enterprise+1

Published

2021-08-09

Updated

2021-08-13

CVE-2021-21584

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dell OpenManage Enterprise version 3.5 Dell OpenManage Enterprise-Modular version 1.30.00

Description The issue allows an authenticated low privileged attacker to potentially exploit it, leading to disclosure of the OIDC server credentials.

Recommendations For Dell OpenManage Enterprise version 3.5, update to a version that contains a fix for this issue. For Dell OpenManage Enterprise-Modular version 1.30.00, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the OIDC server credentials until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2021-21584

Affected Products

Dell Openmanage Enterprise

Dell Emc Openmanage Enterprise-Modular

PT-2021-14628 · Dell · Dell Openmanage Enterprise+1

CVE-2021-21584

Weakness Enumeration

Related Identifiers

Affected Products

References · 5