CVE-2021-21513

{"id": "CVE-2021-21513", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-03-02T16:15:12.817", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.tenable.com/security/research/tra-2021-07", "tags": ["Exploit", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.tenable.com/security/research/tra-2021-07", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system."}, {"lang": "es", "value": "Las instalaciones de Microsoft Windows de Dell EMC OpenManage Server Administrator (OMSA) versi\u00f3n 9.5, con configuraci\u00f3n habilitada de Distributed Web Server (DWS) contienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante remoto no autenticado podr\u00eda potencialmente explotar esta vulnerabilidad para conseguir acceso de administrador en el sistema afectado"}], "lastModified": "2024-11-21T05:48:30.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:openmanage_server_administrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEDA83EB-FBB0-479E-88BC-21A3CFB5B068", "versionEndExcluding": "9.4.0.3"}, {"criteria": "cpe:2.3:a:dell:openmanage_server_administrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B600F2C4-37A8-4B2C-84EA-4DCFB1F48C82", "versionEndExcluding": "9.5.0.1", "versionStartIncluding": "9.5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}