CVE-2021-21547

Published: Apr 30, 2021Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Affected (3)

Products: Dell: Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment

Dell

3 products

Unity Operating Environment

Unity Xt Operating Environment

Unityvsa Operating Environment

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dell Unity Operating Environment	Before 5.0.7.0.5.008
Dell Unity Xt Operating Environment	Before 5.0.7.0.5.008
Dell Unityvsa Operating Environment	Before 5.0.7.0.5.008

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://www.dell.com/support/kbdoc/000185484

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/000185484

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.