VYPR

iDRAC9

by Dell

CVEs (31)

  • CVE-2020-26198MedDec 16, 2020
    risk 0.40cvss 6.1epss 0.01

    Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by…

  • CVE-2021-21540MedApr 30, 2021
    risk 0.38cvss 5.9epss 0.01

    Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload.

  • CVE-2021-21539MedApr 30, 2021
    risk 0.38cvss 5.9epss 0.01

    Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously…

  • CVE-2025-26482MedSep 25, 2025
    risk 0.32cvss 4.9epss 0.00

    Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

  • CVE-2021-21543MedApr 30, 2021
    risk 0.31cvss 4.8epss 0.01

    Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple…

  • CVE-2021-21542MedApr 30, 2021
    risk 0.31cvss 4.8epss 0.00

    Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple…

  • CVE-2021-21580MedAug 3, 2021
    risk 0.28cvss 4.3epss 0.01

    Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message…

  • CVE-2019-3764MedNov 7, 2019
    risk 0.28cvss 4.3epss 0.01

    Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability…

  • CVE-2018-15774LowDec 13, 2018
    risk 0.25cvss 3.8epss 0.01

    Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a…

  • CVE-2022-34435LowJan 18, 2023
    risk 0.18cvss 2.7epss 0.01

    Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform…

  • CVE-2021-21544LowApr 30, 2021
    risk 0.18cvss 2.7epss 0.01

    Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to…

Page 2 of 2