CVE-2021-21601

Published: Aug 10, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.

Affected (2)

Products: Dell: Emc Data Protection Search, Emc Integrated Data Protection Appliance

2 products

Emc Data Protection Search

Emc Integrated Data Protection Appliance

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Data Protection Search	Before 19.5
Dell Emc Integrated Data Protection Appliance	Before 2.7

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://www.dell.com/support/kbdoc/000189555

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/000189555

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.