CVE-2021-21508
Possible ATT&CK Techniques 3AI
T1078 · Valid Accounts T1528 · Steal Application Access Token T1552 · Unsecured CredentialsGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-21508
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过日志文件的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dell VxRail 日志信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dell VxRail是美国戴尔(Dell)公司的适用于每个 VMware 工作负载和用例(包括 VDI、计算密集型应用程序)以及在真正的混合云基础架构上托管传统和现代应用程序的单一 HCI 平台。 Dell VxRail 7.0.200之前版本存在日志信息泄露漏洞,该漏洞源于VxRail Manager中存在明文密码存储,可能导致系统管理员用户利用此漏洞泄露某些用户凭据,攻击者可能使用泄露的凭据以受损账户的权限访问易受攻击的应用程序。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2021-21508
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-21508
请登录查看更多情报信息。
Vendor Pages for CVE-2021-21508 (1)
- 🔗 myaccess.dell.com - Sign Invendor-advisory
Same Patch Batch · Dell · 2026-05-22 · 10 CVEs total
| CVE-2022-34363 | 6.5 MEDIUM | Dell Unisphere for PowerMax vApp 授权问题漏洞 |
| CVE-2025-26483 | 6.1 MEDIUM | Dell PowerFlex Manager 输入验证错误漏洞 |
| CVE-2022-31231 | 5.9 MEDIUM | Dell ECS 访问控制错误漏洞 |
| CVE-2025-32751 | 5.5 MEDIUM | Dell PowerFlex Manager 安全漏洞 |
| CVE-2025-32747 | 5.3 MEDIUM | Dell PowerFlex Manager 安全漏洞 |
| CVE-2025-32749 | 5.3 MEDIUM | Dell PowerFlex Manager 安全漏洞 |
| CVE-2025-32745 | 4.2 MEDIUM | Dell PowerFlex Manager 信任管理问题漏洞 |
| CVE-2025-32746 | 4.0 MEDIUM | Dell PowerFlex Manager 安全漏洞 |
| CVE-2025-46371 | 3.6 LOW | Dell PowerFlex Manager 加密问题漏洞 |
IV. Related Vulnerabilities
Same product: VxRail
Same weakness: CWE-532
- CVE-2026-40619
Security Center部分版本本地权限提升漏洞 - CVE-2026-49200
Acer Wave 7 router: Broken Access Control - CVE-2026-6720
Calicoctl leaks cluster credentials to stderr when verbose l - CVE-2026-41185
ServiceAccount token disclosure via Azure IPAM CNI plugin lo - CVE-2026-41184
ServiceAccount token disclosure via install-cni container lo
V. Comments for CVE-2021-21508
No comments yet