CVE-2021-21544

LOW

Dell EMC iDRAC9 < 4.40.00.00 - Authenticated Username Manipulation via Comment Section

Title source: llm

Description

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.

References (1)

Core References
Vendor Advisory (x_refsource_misc): https://www.dell.com/support/kbdoc/000185293

Scores

CVSS v3: 2.7
EPSS: 0.0092
EPSS Percentile: 55.5%
Attack Vector: NETWORK
Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Details

CWE: CWE-287, CWE-602
Status: published
Products (1): dell/idrac9_firmware < 4.40.00.00
Published: Apr 30, 2021
Tracked Since: Feb 18, 2026