Vulnerabilities > CVE-2021-21531 - Incorrect Resource Transfer Between Spheres vulnerability in Dell products

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

dell

CWE-669

NVD

Published: 2021-04-30

Updated: 2021-05-10

Summary

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Solutions Enabler - Dell Solutions Enabler 9.2.0 Dell Solutions Enabler 9.2.1.1 Dell Solutions Enabler Virtual Appliance * Dell Unisphere FOR Powermax * Dell Unisphere FOR Powermax Virtual Appliance *	6
OS	Dell Dell Powermax OS 5978	1

Common Weakness Enumeration (CWE)

CWE-669 - Incorrect Resource Transfer Between Spheres

References

https://www.dell.com/support/kbdoc/000184565