Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36330 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-02 | 7.5 HIGH | 9.8 CRITICAL |
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. | |||||
CVE-2021-36329 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-02 | 4.0 MEDIUM | 6.5 MEDIUM |
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information. | |||||
CVE-2021-36328 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-01 | 6.5 MEDIUM | 8.8 HIGH |
Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. | |||||
CVE-2021-36327 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. | |||||
CVE-2021-36326 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-01 | 4.3 MEDIUM | 6.5 MEDIUM |
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. |