CVE-2021-21591
12.07.2021, 16:15
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dell | emc_unity_operating_environment | 𝑥 < 5.1.0.0.5.394 |
| dell | emc_unity_xt_operating_environment | 𝑥 < 5.1.0.0.5.394 |
| dell | emc_unityvsa_operating_environment | 𝑥 < 5.1.0.0.5.394 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.