Cross-Site WebSocket Hijacking Vulnerability in Dell EMC PowerFlex Presentation Server/WebUI

Cross-Site WebSocket Hijacking Vulnerability in Dell EMC PowerFlex Presentation Server/WebUI

CVE-2021-21588 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead to configuration changes.

Learn more about our Web App Pen Testing.