CVE-2021-21591

CWE-200 — Information Exposure CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 85.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Dell EMC Unity Operating Environment Dell EMC Unity XT Operating Environment +1 more

Timeline

PublishedJul 12

Latest updateMay 24

Description

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages4 packages

▶NVDdell/emc_unityvsa_operating_environment< 5.1.0.0.5.394

▶CVEListV5dell/unityunspecified — 5.1.0.0.5.394

▶NVDdell/emc_unity_operating_environment< 5.1.0.0.5.394

▶NVDdell/emc_unity_xt_operating_environment< 5.1.0.0.5.394

🔴Vulnerability Details

GHSA

GHSA-6rq3-pxgh-fw4x: Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5↗2022-05-24

▶

CVEList

CVE-2021-21591: Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5↗2021-07-12

▶