CVE-2021-21513

HIGH

Dell OpenManage Server Administrator < 9.4.0.3 - Unauthenticated Authentication Bypass via Distributed Web Server

Title source: llm

Description

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system.

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.tenable.com/security/research/tra-2021-07

Vendor Advisory x_refsource_misc

https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities

Scores

CVSS v3 8.6

EPSS 0.0069

EPSS Percentile 71.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Details

CWE

CWE-287

Status published

Products (1)

dell/openmanage_server_administrator < 9.4.0.3

Published Mar 02, 2021

Tracked Since Feb 18, 2026