CVE-2021-21546

Published: Jul 29, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.

Affected (5)

Products: Dell: Emc Networker

Dell

1 product

Emc Networker

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Networker	From 19.1.1.0 to 19.3.0.4
Dell Emc Networker	Version 18.1.0.1
Dell Emc Networker	Version 18.1.0.2
Dell Emc Networker	Version 18.2.0.0
Dell Emc Networker	Version 19.4.0.0

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.