PT-2021-21206 · Dell · iDRAC9

Published: 2021-09-09 · Updated: 2021-11-27 · CVE-2021-36299

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Dell iDRAC9 versions 4.40.00.00 through 4.40.28.00. Dell iDRAC9 version 5.00.00.00 is not affected; the issue is present in versions prior to 4.40.29.00.

Description
The issue is an SQL injection vulnerability that can be exploited by a remote authenticated malicious user with low privileges. This can be done by supplying specially crafted input data to the affected application, potentially causing information disclosure or denial of service.

Recommendations
For Dell iDRAC9 versions 4.40.00.00 through 4.40.28.00, update to version 4.40.29.00 or later to resolve the issue. For Dell iDRAC9 versions prior to 4.40.29.00, consider restricting access to the affected application as a temporary workaround until a patch is available.

Tags: Fix · DoS · SQL injection


Weakness Enumeration

Related Identifiers: CVE-2021-36299

Affected Products: Check Point Gaia, iDRAC9