First published: Wed Apr 14 2021
Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell iDRAC9 Firmware | <4.40.00.00 | |
CVE-2021-21542 is a vulnerability in Dell EMC iDRAC9 versions prior to 4.40.10.00 that allows for multiple stored cross-site scripting attacks.
A remote authenticated malicious user with high privileges can exploit this vulnerability to store malicious HTML or JavaScript code.
The severity of CVE-2021-21542 is medium, with a CVSS score of 4.8.
Versions of Dell EMC iDRAC9 firmware prior to 4.40.10.00 are affected by CVE-2021-21542.
To fix CVE-2021-21542, update your Dell EMC iDRAC9 firmware to version 4.40.10.00 or later.