Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user.
References
Configurations
Configuration 1 (hide)
AND |
|
History
31 Jan 2022, 21:29
Type | Values Removed | Values Added |
---|---|---|
First Time |
Dell vnx8000
Dell vnx7600 Dell vnx5200 Dell vnx5600 Dell Dell vnx5400 Dell vnx Vg10 Dell emc Unity Operating Environment Dell vnx5800 Dell vnx Vg50 |
|
CWE | CWE-330 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:h:dell:vnx8000:-:*:*:*:*:*:*:* cpe:2.3:h:dell:vnx5400:-:*:*:*:*:*:*:* cpe:2.3:h:dell:vnx5800:-:*:*:*:*:*:*:* cpe:2.3:h:dell:vnx5600:-:*:*:*:*:*:*:* cpe:2.3:h:dell:vnx7600:-:*:*:*:*:*:*:* cpe:2.3:h:dell:vnx_vg50:-:*:*:*:*:*:*:* cpe:2.3:h:dell:vnx_vg10:-:*:*:*:*:*:*:* cpe:2.3:h:dell:vnx5200:-:*:*:*:*:*:*:* cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:* |
|
References | (MISC) https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities - Vendor Advisory |
25 Jan 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-25 23:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-36294
Mitre link : CVE-2021-36294
CVE.ORG link : CVE-2021-36294
JSON object : View
Products Affected
dell
- vnx5200
- emc_unity_operating_environment
- vnx5600
- vnx_vg50
- vnx_vg10
- vnx5800
- vnx7600
- vnx8000
- vnx5400