CVE-2021-36318 (GCVE-0-2021-36318)

Vulnerability from cvelistv5 – Published: 2021-12-21 17:05 – Updated: 2024-09-17 02:10

Summary

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-532 - Information Exposure Through Log Files

Assigner

dell

References

URL

	Vendor	Product	Version
	Dell	Avamar	Affected: unspecified , < 18.2 19.1 19.2 19.3 19.4 (custom)

GSD-2021-36318

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-36318

Aliases

CVE-2021-36318

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-36318",
    "description": "Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.",
    "id": "GSD-2021-36318"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-36318"
      ],
      "details": "Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.",
      "id": "GSD-2021-36318",
      "modified": "2023-12-13T01:23:16.849980Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "DATE_PUBLIC": "2021-11-09",
        "ID": "CVE-2021-36318",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Avamar",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "18.2 19.1 19.2 19.3 19.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Dell"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 6.7,
          "baseSeverity": "Medium",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-532: Information Exposure Through Log Files"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.dell.com/support/kbdoc/000193369",
            "refsource": "MISC",
            "url": "https://www.dell.com/support/kbdoc/000193369"
          },
          {
            "name": "GLSA-202210-09",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202210-09"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar_server:18.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar_server:19.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar_server:19.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar_server:19.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar_server:19.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2021-36318"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/000193369"
            },
            {
              "name": "GLSA-202210-09",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202210-09"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-11-07T18:58Z",
      "publishedDate": "2021-12-21T17:15Z"
    }
  }
}

VAR-202111-1839

Vulnerability from variot - Updated: 2024-08-14 12:51

Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. Dell EMC Avamar There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-09

                                       https://security.gentoo.org/

Severity: Normal Title: Rust: Multiple Vulnerabilities Date: October 16, 2022 Bugs: #870166, #831638, #821157, #807052, #782367 ID: 202210-09

Synopsis

Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.

Background

A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-lang/rust < 1.63.0-r1 >= 1.63.0-r1 2 dev-lang/rust-bin < 1.64.0 >= 1.64.0

Description

Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Rust users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/rust-1.63.0-r1"

All Rust binary users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/rust-bin-1.64.0"

In addition, users using Portage 3.0.38 or later should ensure that packages with Rust binaries have no vulnerable code statically linked into their binaries by rebuilding the @rust-rebuild set:

# emerge --ask --oneshot --verbose @rust-rebuild

References

[ 1 ] CVE-2021-28875 https://nvd.nist.gov/vuln/detail/CVE-2021-28875 [ 2 ] CVE-2021-28876 https://nvd.nist.gov/vuln/detail/CVE-2021-28876 [ 3 ] CVE-2021-28877 https://nvd.nist.gov/vuln/detail/CVE-2021-28877 [ 4 ] CVE-2021-28878 https://nvd.nist.gov/vuln/detail/CVE-2021-28878 [ 5 ] CVE-2021-28879 https://nvd.nist.gov/vuln/detail/CVE-2021-28879 [ 6 ] CVE-2021-29922 https://nvd.nist.gov/vuln/detail/CVE-2021-29922 [ 7 ] CVE-2021-31162 https://nvd.nist.gov/vuln/detail/CVE-2021-31162 [ 8 ] CVE-2021-36317 https://nvd.nist.gov/vuln/detail/CVE-2021-36317 [ 9 ] CVE-2021-36318 https://nvd.nist.gov/vuln/detail/CVE-2021-36318 [ 10 ] CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 [ 11 ] CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 [ 12 ] CVE-2022-21658 https://nvd.nist.gov/vuln/detail/CVE-2022-21658 [ 13 ] CVE-2022-36113 https://nvd.nist.gov/vuln/detail/CVE-2022-36113 [ 14 ] CVE-2022-36114 https://nvd.nist.gov/vuln/detail/CVE-2022-36114

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202210-09

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1839",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "emc avamar server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "18.2"
      },
      {
        "model": "emc avamar server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "19.1"
      },
      {
        "model": "emc avamar server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "19.4"
      },
      {
        "model": "emc avamar server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "19.2"
      },
      {
        "model": "emc avamar server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "19.3"
      },
      {
        "model": "dell emc avamar server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": null
      },
      {
        "model": "dell emc avamar server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": "18.2"
      },
      {
        "model": "dell emc avamar server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": "19.2"
      },
      {
        "model": "dell emc avamar server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": "19.1"
      },
      {
        "model": "dell emc avamar server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": "19.3"
      },
      {
        "model": "dell emc avamar server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": "19.4"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017061"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36318"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gentoo",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168756"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2021-36318",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-36318",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-398202",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "id": "CVE-2021-36318",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-017061",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-36318",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2021-36318",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-36318",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202111-976",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-398202",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-36318",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398202"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-36318"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-976"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36318"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36318"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. Dell EMC Avamar There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202210-09\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Rust: Multiple Vulnerabilities\n     Date: October 16, 2022\n     Bugs: #870166, #831638, #821157, #807052, #782367\n       ID: 202210-09\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Rust, the worst of\nwhich could result in denial of service. \n\nBackground\n=========\nA systems programming language that runs blazingly fast, prevents\nsegfaults, and guarantees thread safety. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/rust              \u003c 1.63.0-r1              \u003e= 1.63.0-r1\n  2  dev-lang/rust-bin          \u003c 1.64.0                    \u003e= 1.64.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Rust. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Rust users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-lang/rust-1.63.0-r1\"\n\nAll Rust binary users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-lang/rust-bin-1.64.0\"\n\nIn addition, users using Portage 3.0.38 or later should ensure that\npackages with Rust binaries have no vulnerable code statically linked\ninto their binaries by rebuilding the @rust-rebuild set:\n\n  # emerge --ask --oneshot --verbose @rust-rebuild\n\nReferences\n=========\n[ 1 ] CVE-2021-28875\n      https://nvd.nist.gov/vuln/detail/CVE-2021-28875\n[ 2 ] CVE-2021-28876\n      https://nvd.nist.gov/vuln/detail/CVE-2021-28876\n[ 3 ] CVE-2021-28877\n      https://nvd.nist.gov/vuln/detail/CVE-2021-28877\n[ 4 ] CVE-2021-28878\n      https://nvd.nist.gov/vuln/detail/CVE-2021-28878\n[ 5 ] CVE-2021-28879\n      https://nvd.nist.gov/vuln/detail/CVE-2021-28879\n[ 6 ] CVE-2021-29922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-29922\n[ 7 ] CVE-2021-31162\n      https://nvd.nist.gov/vuln/detail/CVE-2021-31162\n[ 8 ] CVE-2021-36317\n      https://nvd.nist.gov/vuln/detail/CVE-2021-36317\n[ 9 ] CVE-2021-36318\n      https://nvd.nist.gov/vuln/detail/CVE-2021-36318\n[ 10 ] CVE-2021-42574\n      https://nvd.nist.gov/vuln/detail/CVE-2021-42574\n[ 11 ] CVE-2021-42694\n      https://nvd.nist.gov/vuln/detail/CVE-2021-42694\n[ 12 ] CVE-2022-21658\n      https://nvd.nist.gov/vuln/detail/CVE-2022-21658\n[ 13 ] CVE-2022-36113\n      https://nvd.nist.gov/vuln/detail/CVE-2022-36113\n[ 14 ] CVE-2022-36114\n      https://nvd.nist.gov/vuln/detail/CVE-2022-36114\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-09\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-36318"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017061"
      },
      {
        "db": "VULHUB",
        "id": "VHN-398202"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-36318"
      },
      {
        "db": "PACKETSTORM",
        "id": "168756"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-36318",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "168756",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017061",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-976",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-398202",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-36318",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398202"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-36318"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017061"
      },
      {
        "db": "PACKETSTORM",
        "id": "168756"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-976"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36318"
      }
    ]
  },
  "id": "VAR-202111-1839",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398202"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T12:51:08.210000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2021-204",
        "trust": 0.8,
        "url": "https://www.dell.com/support/kbdoc/000193369"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017061"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-532",
        "trust": 1.1
      },
      {
        "problemtype": "Inadequate protection of credentials (CWE-522) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017061"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36318"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202210-09"
      },
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/kbdoc/000193369"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36318"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168756/gentoo-linux-security-advisory-202210-09.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/dell-emc-avamar-three-vulnerabilities-36846"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/522.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21658"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29922"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28876"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36317"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36113"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28878"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28875"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28879"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42574"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42694"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36114"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31162"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398202"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-36318"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017061"
      },
      {
        "db": "PACKETSTORM",
        "id": "168756"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-976"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36318"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-398202"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-36318"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017061"
      },
      {
        "db": "PACKETSTORM",
        "id": "168756"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-976"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36318"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-398202"
      },
      {
        "date": "2021-12-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-36318"
      },
      {
        "date": "2022-12-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-017061"
      },
      {
        "date": "2022-10-17T15:13:47",
        "db": "PACKETSTORM",
        "id": "168756"
      },
      {
        "date": "2021-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-976"
      },
      {
        "date": "2021-12-21T17:15:08.100000",
        "db": "NVD",
        "id": "CVE-2021-36318"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-398202"
      },
      {
        "date": "2022-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-36318"
      },
      {
        "date": "2022-12-28T05:46:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-017061"
      },
      {
        "date": "2022-10-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-976"
      },
      {
        "date": "2022-11-07T18:58:49.097000",
        "db": "NVD",
        "id": "CVE-2021-36318"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-976"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell\u00a0EMC\u00a0Avamar\u00a0 Vulnerability regarding insufficient protection of authentication information in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-017061"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "log information leak",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-976"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2021-36318

Vulnerability from fkie_nvd - Published: 2021-12-21 17:15 - Updated: 2024-11-21 06:13

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security_alert@emc.com	https://security.gentoo.org/glsa/202210-09	Third Party Advisory
security_alert@emc.com	https://www.dell.com/support/kbdoc/000193369	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202210-09	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/kbdoc/000193369	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
dell	emc_avamar_server	18.2
dell	emc_avamar_server	19.1
dell	emc_avamar_server	19.2
dell	emc_avamar_server	19.3
dell	emc_avamar_server	19.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar_server:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BE822E-6FD6-4FC8-9DFC-A4073D31B58C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D055384E-1362-43FC-BD4C-9FAED912FE1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB61C3E2-E97A-48FA-BECE-3593B77C1386",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7FEBC8A-A479-4684-A870-19E5046EA3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC33D28B-F305-47AB-84DE-40A2DCB956AE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage."
    },
    {
      "lang": "es",
      "value": "Dell EMC Avamar versiones 18.2,19.1,19.2,19.3,19.4, contienen una vulnerabilidad de almacenamiento de contrase\u00f1as en texto plano. Un usuario con muchos privilegios podr\u00eda explotar esta vulnerabilidad, conllevando a una interrupci\u00f3n completa"
    }
  ],
  "id": "CVE-2021-36318",
  "lastModified": "2024-11-21T06:13:29.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-21T17:15:08.100",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-09"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/000193369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/000193369"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-R96M-RQ4F-96V2

Vulnerability from github – Published: 2021-12-22 00:00 – Updated: 2022-10-16 19:00

Details

Severity ?

6.7 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-36318"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522",
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-21T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.",
  "id": "GHSA-r96m-rq4f-96v2",
  "modified": "2022-10-16T19:00:30Z",
  "published": "2021-12-22T00:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36318"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202210-09"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/000193369"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-36318 (GCVE-0-2021-36318)

GSD-2021-36318

VAR-202111-1839

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

FKIE_CVE-2021-36318

GHSA-R96M-RQ4F-96V2

Tags

Sightings

Nomenclature