CVE-2021-21514

MEDIUM

Dell EMC OpenManage Server Administrator < 9.5.0 - Authenticated Path Traversal via URL Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-21514. PoCs published by und3sc0n0c1d0.

AI-analyzed exploit summary This repository contains a functional Python script that exploits arbitrary file read vulnerabilities in Dell OpenManage Server Administrator (OMSA) by leveraging authentication bypass and path traversal techniques. The script tests for multiple CVEs (CVE-2016-4004, CVE-2020-5377, CVE-2021-21514) and retrieves file contents from the target system.

Description

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.

Exploits (1)

nomisec WORKING POC 2 stars
by und3sc0n0c1d0 · poc
https://github.com/und3sc0n0c1d0/AFR-in-OMSA

This repository contains a functional Python script that exploits arbitrary file read vulnerabilities in Dell OpenManage Server Administrator (OMSA) by leveraging authentication bypass and path traversal techniques. The script tests for multiple CVEs (CVE-2016-4004, CVE-2020-5377, CVE-2021-21514) and retrieves file contents from the target system.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Dell OpenManage Server Administrator (OMSA)
Auth required
Prerequisites: Network access to target OMSA instance · Valid credentials for authentication
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 4.9
EPSS 0.0536
EPSS Percentile 91.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
dell/openmanage_server_administrator < 9.5.0
Published Mar 02, 2021
Tracked Since Feb 18, 2026