What is CVE-2021-36349?

CVE-2021-36349 is a medium-severity vulnerability in Dell Data Protection Central, classified under Server-Side Request Forgery (SSRF). CVSS score: 4.3/10. Published 2022-01-24.

How severe is CVE-2021-36349?

Medium severity. CVSS v3 base score is 4.3 out of 10.

SSRF in Dell Data Protection Central

CVE-2021-36349

Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.001 (32.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Dell Data Protection Central — versions unspecified

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

www.dell.com/support/kbdoc/000195103 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-36349?: CVE-2021-36349 is a medium-severity vulnerability in Dell Data Protection Central, classified under Server-Side Request Forgery (SSRF). CVSS score: 4.3/10. Published 2022-01-24.
How severe is CVE-2021-36349?: Medium severity. CVSS v3 base score is 4.3 out of 10.