CVE-2021-36299: SQL Injection
First published: Tue Nov 23 2021(Updated: )
Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell iDRAC9 Firmware | >=4.40.00.00<4.40.29.00 | |
| Dell iDRAC9 Firmware | =5.00.00.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-36299?
CVE-2021-36299 has a severity rating of Medium due to its potential for information disclosure and denial of service.
How do I fix CVE-2021-36299?
To fix CVE-2021-36299, update the Dell iDRAC9 firmware to version 4.40.29.00 or later.
Who is affected by CVE-2021-36299?
CVE-2021-36299 affects versions of Dell iDRAC9 firmware 4.40.00.00 and later, but prior to 4.40.29.00 and version 5.00.00.00.
What type of vulnerability is CVE-2021-36299?
CVE-2021-36299 is an SQL injection vulnerability that can be exploited by remote authenticated users.
What can happen if CVE-2021-36299 is exploited?
Exploitation of CVE-2021-36299 can lead to information disclosure or cause a denial of service.
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell idrac9 firmware
- version/dell idrac9 firmware/4.40.00.00
- version/dell idrac9 firmware/5.00.00.00