CVE-2021-36299

CVSS 7.1 HIGH | EPSS 29.6% | CWE-89
In short

Dell iDRAC9 has a SQL injection flaw that allows low-privilege users who are already logged in to manipulate database queries by sending specially crafted input, potentially exposing sensitive information or crashing the system.

Technical detail

SQL injection vulnerability (CWE-89) in Dell iDRAC9 4.40.00.00 through 4.40.28.xx and versions before 5.00.00.00 allows authenticated remote attackers with low privileges to inject SQL through application input fields, resulting in unauthorized information disclosure or denial of service through manipulation of the underlying database queries.

Summary generated and translated by AI from the official description.

Official description

Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application.

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
