CVE-2021-36299

HIGH

Dell iDRAC9 <4.40.29.00-5.00.00.00 - SQL Injection

Title source: llm
STIX 2.1

Description

Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.emc.com/kb/000191229

Scores

CVSS v3 7.1
EPSS 0.2963
EPSS Percentile 98.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Details

CWE
CWE-89
Status published
Products (2)
dell/emc_idrac9_firmware 5.00.00.00
dell/emc_idrac9_firmware 4.40.00.00 - 4.40.29.00
Published Nov 23, 2021
Tracked Since Feb 18, 2026