Authentication Bypass in Dell EMC OpenManage Server Administrator
CVE-2021-21513

8.6HIGH

Key Information:

Vendor: Dell
Status: Dell Open Manage Server Administrator
Vendor: CVE Published:; 2 March 2021

Summary

The Dell EMC OpenManage Server Administrator (OMSA) version 9.5, specifically in Microsoft Windows environments with Distributed Web Server (DWS) enabled, exhibits an authentication bypass vulnerability. This flaw allows remote unauthenticated attackers to exploit the system, potentially gaining administrative access without proper credentials. Organizations using this software should promptly assess their configurations to mitigate the risks associated with unauthorized access.

Affected Version(s)

Dell Open Manage Server Administrator <= 9.5

References

https://www.tenable.com/security/research/tra-2021-07

x_refsource_MISC

https://www.dell.com/support/kbdoc/en-us/000183670/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 2, 2021
Vulnerability Reserved
Jan 4, 2021