Vulnerabilities > CVE-2021-21531 - Incorrect Resource Transfer Between Spheres vulnerability in Dell products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

dell

CWE-669

NVD

Published: 2021-04-30

Updated: 2021-05-10

Summary

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Powermax OS 5978	1
Application	Dell Dell Solutions Enabler - Dell Solutions Enabler 9.2.0 Dell Solutions Enabler 9.2.1.1 Dell Unisphere FOR Powermax - Dell Unisphere FOR Powermax 9.2.1.6 Dell Unisphere FOR Powermax Virtual Appliance - Dell Unisphere FOR Powermax Virtual Appliance * Dell Solutions Enabler Virtual Appliance - Dell Solutions Enabler Virtual Appliance *	10

Common Weakness Enumeration (CWE)

CWE-669 - Incorrect Resource Transfer Between Spheres

References

https://www.dell.com/support/kbdoc/000184565