CVE-2021-21558 HIGH

CVE-2021-21558

Vendor Dell
Product NetWorker
Weakness CWE-532 · Sensitive info in logs
Published June 8, 2021
Last update September 16, 2024

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain.

Key dates

02Disclosure timeline

June 8, 2021 CVE published
September 16, 2024 Record updated