Vulnerabilities > Dell > Idrac9 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-18 | CVE-2022-34435 | Improper Input Validation vulnerability in Dell Idrac9 Firmware Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. | 4.9 |
| 2021-04-30 | CVE-2021-21543 | Cross-site Scripting vulnerability in Dell Idrac9 Firmware Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. | 4.8 |
| 2021-04-30 | CVE-2021-21542 | Cross-site Scripting vulnerability in Dell Idrac9 Firmware Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. | 4.8 |
| 2021-04-30 | CVE-2021-21541 | Cross-site Scripting vulnerability in Dell Idrac9 Firmware Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. | 6.1 |
| 2020-12-16 | CVE-2020-26198 | Cross-site Scripting vulnerability in Dell Idrac9 Firmware Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. | 6.1 |
| 2020-07-09 | CVE-2020-5366 | Path Traversal vulnerability in Dell Idrac9 Firmware Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. | 6.5 |
| 2019-11-07 | CVE-2019-3764 | Unspecified vulnerability in Dell Idrac7 Firmware, Idrac8 Firmware and Idrac9 Firmware Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. | 4.3 |
| 2018-07-02 | CVE-2018-1249 | Unspecified vulnerability in Dell Idrac9 Firmware Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. | 5.9 |