Description
Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application.
References (1)
Core References
Patch, Vendor Advisory (x_refsource_misc): https://support.emc.com/kb/000191229
Scores
CVSS v3
7.1
EPSS
0.0192
EPSS Percentile
83.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Details
CWE
CWE-89
Status
published
Products (2)
dell/emc_idrac9_firmware
5.00.00.00
dell/emc_idrac9_firmware
4.40.00.00 - 4.40.29.00
Published
Nov 23, 2021
Tracked Since
Feb 18, 2026