Lucene search

[email protected]NVD:CVE-2021-36327

HistoryNov 30, 2021 - 9:15 p.m.

CVE-2021-36327

2021-11-3021:15:07

CWE-918

[email protected]

web.nvd.nist.gov

dell emc

streaming data platform

ssrf

vulnerability

port scanning

http requests

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

51.2%

JSON

Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker’s choice.

Affected configurations

Nvd

Node

dellemc_streaming_data_platformRange<1.3

VendorProductVersionCPE
dellemc_streaming_data_platform*cpe:2.3:a:dell:emc_streaming_data_platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_streaming_data_platform	*	cpe:2.3:a:dell:emc_streaming_data_platform::::::::

References

www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

51.2%

JSON

Related for NVD:CVE-2021-36327

cnvd1 cvelist1 cve1 prion1