PT-2021-14632 · Dell Emc · Dell Emc Powerflex

Published

2021-07-12

Updated

2021-07-14

CVE-2021-21588

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Dell EMC PowerFlex versions 3.5.x

Description The issue concerns a Cross-Site WebSocket Hijacking vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could exploit this by tricking a user into performing unwanted actions, potentially leading to configuration changes.

Recommendations For versions 3.5.x, consider restricting access to the Presentation Server/WebUI to minimize the risk of exploitation until a fix is available.

Fix

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

CVE-2021-21588

Affected Products

Dell Emc Powerflex

PT-2021-14632 · Dell Emc · Dell Emc Powerflex

CVE-2021-21588

Weakness Enumeration

Related Identifiers

Affected Products

References · 3