Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: SANS Internet Storm Center VEX Vulnerability Details


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
VEXID-138282
Published 2021-11-30 21:15:00
Last Modified 2021-12-01 14:08:00
AKA CVE-2021-36327
Summary Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice.
CVSS Score 5
CVSS
Access Vector Local Adjacent Network
Access Complexity Low Medium High
Authentication None Single Multiple
Confidentiality None Partial Complete
Integrity None Partial Complete
Availability None Partial Complete