Cross-Site Request Forgery in Dell EMC XtremIO Management Software
CVE-2021-21549

8.8HIGH

Key Information:

Vendor: Dell
Status: Xtremio
Vendor: CVE Published:; 21 May 2021

What is CVE-2021-21549?

The Dell EMC XtremIO Management Software prior to version 6.3.3-8 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability could allow a non-privileged attacker to trick a privileged user into performing unintended actions on the XtremIO application. By manipulating the victim into sending malicious requests, the attacker could potentially affect the application's state and compromise its integrity.

Affected Version(s)

XtremIO < unspecified

References

https://www.dell.com/support/kbdoc/000186363

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2021
Vulnerability Reserved
Jan 4, 2021