CVE-2021-36349Server-Side Request Forgery in Dell Data Protection Central

CWE-918Server-Side Request Forgery3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 67.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Data Protection CentralDell EMC Data Protection Central
Timeline
PublishedJan 24
Latest updateJan 25

Description

Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5dell/data_protection_centralunspecified19.6

🔴Vulnerability Details

2
GHSA
GHSA-v4gr-cw6x-c3jw: Dell EMC Data Protection Central versions 192022-01-25
CVEList
CVE-2021-36349: Dell EMC Data Protection Central versions 192022-01-24
CVE-2021-36349 — Server-Side Request Forgery in Dell | cvebase