CVE-2018-9079

EPSS 0.54%
Published 28.09.2018 20:29:01
Last modified 21.11.2024 04:14:55
Source psirt@lenovo.com
Teams watchlist Login
Open Login

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Storcenter Px12-450r Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Px12-450r Version-

Lenovo ≫ Storcenter Px12-400r Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Px12-400r Version-

Lenovo ≫ Storcenter Px4-300r Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Px4-300r Version-

Lenovo ≫ Storcenter Px6-300d Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Px6-300d Version-

Lenovo ≫ Storcenter Px4-300d Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Px4-300d Version-

Lenovo ≫ Storcenter Px2-300d Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Px2-300d Version-

Lenovo ≫ Storcenter Ix4-300d Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Ix4-300d Version-

Lenovo ≫ Storcenter Ix2 Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Ix2 Version-

Lenovo ≫ Storcenter Ix2-dl Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Ix2-dl Version-

Lenovo ≫ Ez Media & Backup Center Firmware Version4.1.402.34662

Lenovo ≫ Ez Media & Backup Center Version-

Lenovo ≫ Px12-450r Firmware Version4.1.402.34662

Lenovo ≫ Px12-450r Version-

Lenovo ≫ Px12-400r Firmware Version4.1.402.34662

Lenovo ≫ Px12-400r Version-

Lenovo ≫ Px4-400r Firmware Version4.1.402.34662

Lenovo ≫ Px4-400r Version-

Lenovo ≫ Px4-300r Firmware Version4.1.402.34662

Lenovo ≫ Px4-300r Version-

Lenovo ≫ Px6-300d Firmware Version4.1.402.34662

Lenovo ≫ Px6-300d Version-

Lenovo ≫ Px4-400d Firmware Version4.1.402.34662

Lenovo ≫ Px4-400d Version-

Lenovo ≫ Px4-300d Firmware Version4.1.402.34662

Lenovo ≫ Px4-300d Version-

Lenovo ≫ Px2-300d Firmware Version4.1.402.34662

Lenovo ≫ Px2-300d Version-

Lenovo ≫ Ix4-300d Firmware Version4.1.402.34662

Lenovo ≫ Ix4-300d Version-

Lenovo ≫ Ix2 Firmware Version4.1.402.34662

Lenovo ≫ Ix2 Version-

Lenovo ≫ Ez Media & Backup Center Firmware Version4.1.402.34662

Lenovo ≫ Ez Media & Backup Center Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.54%	0.65

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://support.lenovo.com/us/en/solutions/LEN-24224

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-9079

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-9079

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-9079

EUVD