Dell Integrated Dell Remote Access Controller vulnerabilities
26 known vulnerabilities affecting dell/integrated_dell_remote_access_controller.
Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 7, MEDIUM 16, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2021-21576 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 4.40.40.00 | 2021-08-03
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link.
nvd
CVE-2021-21543 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 4.40.00.00 | 2021-04-30
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their
nvd
CVE-2021-21542 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 4.40.10.00 | 2021-04-30
Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitte
nvd
CVE-2019-3764 | P4 | MEDIUM | CVSS 4.3 | CWE-285 | ≥ unspecified, < iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36 | 2019-11-07
Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.
nvd
CVE-2021-21580 | P4 | MEDIUM | CVSS 4.3 | CWE-74 | ≥ unspecified, < 5.00.00.00 | 2021-08-03
Dell EMC iDRAC8 versions prior to 2.80.80.80 and Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a content spoofing / text injection vulnerability, in which a malicious URL can inject text to present a customized message in the application that can phish users into believing that the message is legitimate.
nvd
CVE-2021-21544 | P4 | LOW | CVSS 2.7 | CWE-602 | ≥ unspecified, < 4.40.00.00 | 2021-04-30
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.
nvd