CVE-2018-9081

EPSS 0.3%
Veröffentlicht 28.09.2018 20:29:01
Zuletzt bearbeitet 21.11.2024 04:14:56
Quelle psirt@lenovo.com
CVE-Watchlists
Login
Unerledigt
Login

Iomega and LenovoEMC NAS Web UI Vulnerabilities

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 21 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lenovo ≫ Storcenter Px12-450r Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Px12-450r Version-

Lenovo ≫ Storcenter Px12-400r Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Px12-400r Version-

Lenovo ≫ Storcenter Px4-300r Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Px4-300r Version-

Lenovo ≫ Storcenter Px6-300d Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Px6-300d Version-

Lenovo ≫ Storcenter Px4-300d Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Px4-300d Version-

Lenovo ≫ Storcenter Px2-300d Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Px2-300d Version-

Lenovo ≫ Storcenter Ix4-300d Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Ix4-300d Version-

Lenovo ≫ Storcenter Ix2 Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Ix2 Version-

Lenovo ≫ Storcenter Ix2-dl Firmware Version4.1.402.34662

Lenovo ≫ Storcenter Ix2-dl Version-

Lenovo ≫ Ez Media & Backup Center Firmware Version4.1.402.34662

Lenovo ≫ Ez Media & Backup Center Version-

Lenovo ≫ Px12-450r Firmware Version4.1.402.34662

Lenovo ≫ Px12-450r Version-

Lenovo ≫ Px12-400r Firmware Version4.1.402.34662

Lenovo ≫ Px12-400r Version-

Lenovo ≫ Px4-400r Firmware Version4.1.402.34662

Lenovo ≫ Px4-400r Version-

Lenovo ≫ Px4-300r Firmware Version4.1.402.34662

Lenovo ≫ Px4-300r Version-

Lenovo ≫ Px6-300d Firmware Version4.1.402.34662

Lenovo ≫ Px6-300d Version-

Lenovo ≫ Px4-400d Firmware Version4.1.402.34662

Lenovo ≫ Px4-400d Version-

Lenovo ≫ Px4-300d Firmware Version4.1.402.34662

Lenovo ≫ Px4-300d Version-

Lenovo ≫ Px2-300d Firmware Version4.1.402.34662

Lenovo ≫ Px2-300d Version-

Lenovo ≫ Ix4-300d Firmware Version4.1.402.34662

Lenovo ≫ Ix4-300d Version-

Lenovo ≫ Ix2 Firmware Version4.1.402.34662

Lenovo ≫ Ix2 Version-

Lenovo ≫ Ez Media & Backup Center Firmware Version4.1.402.34662

Lenovo ≫ Ez Media & Backup Center Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.503

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1.6	2.7	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://support.lenovo.com/us/en/solutions/LEN-24224

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-9081

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-9081

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-9081

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-9081