Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-21547

Опубликовано: 30 апр. 2021
Источник: nvd
CVSS3: 6.4
CVSS3: 6.7
CVSS2: 2.1
EPSS Низкий

Описание

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*
Версия до 5.0.7.0.5.008 (исключая)
cpe:2.3:a:dell:unity_xt_operating_environment:*:*:*:*:*:*:*:*
Версия до 5.0.7.0.5.008 (исключая)
cpe:2.3:a:dell:unityvsa_operating_environment:*:*:*:*:*:*:*:*
Версия до 5.0.7.0.5.008 (исключая)

EPSS

Процентиль: 5%
0.00021
Низкий

6.4 Medium

CVSS3

6.7 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-312

Связанные уязвимости

github логотип

GHSA-9qwc-8pqf-mrxv

github
больше 3 лет назад

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

EPSS

Процентиль: 5%
0.00021
Низкий

6.4 Medium

CVSS3

6.7 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-312