CVE-2021-21595: Command Injection
First published: Mon Aug 16 2021(Updated: )
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell EMC Isilon OneFS | >=9.0.0.0<9.2.0 | |
| Dell EMC Isilon OneFS | =8.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-21595?
CVE-2021-21595 is classified as a critical vulnerability.
How do I fix CVE-2021-21595?
To fix CVE-2021-21595, upgrade Dell EMC PowerScale OneFS to version 9.2.0 or later.
Who is affected by CVE-2021-21595?
CVE-2021-21595 affects users of Dell EMC PowerScale OneFS versions 8.2.x to 9.1.1.x in Smartlock WORM compliance mode.
What type of vulnerability is CVE-2021-21595?
CVE-2021-21595 is an improper neutralization of special elements used in an OS command vulnerability.
What can happen if CVE-2021-21595 is exploited?
If CVE-2021-21595 is exploited, it could allow the compadmin user to elevate privileges.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/remedy
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell emc isilon onefs
- version/dell emc isilon onefs/9.0.0.0
- version/dell emc isilon onefs/8.2.2