9.1
CVE-2019-18582
- EPSS 2.39%
- Veröffentlicht 18.03.2020 19:15:16
- Zuletzt bearbeitet 21.11.2024 04:33:20
- Quelle security_alert@emc.com
- Teams Watchlist Login
- Unerledigt Login
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user runs the DPA service on the affected system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Emc Data Protection Advisor Version6.3
Dell ≫ Emc Data Protection Advisor Version6.4
Dell ≫ Emc Data Protection Advisor Version6.5
Dell ≫ Emc Data Protection Advisor Version18.1
Dell ≫ Emc Data Protection Advisor Version18.2 Update-
Dell ≫ Emc Data Protection Advisor Version19.1 Update-
Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.0
Dell ≫ Emc Idpa Dp4400 Version-
Dell ≫ Emc Idpa Dp5800 Version-
Dell ≫ Emc Idpa Dp8300 Version-
Dell ≫ Emc Idpa Dp8800 Version-
Dell ≫ Emc Idpa Dp5800 Version-
Dell ≫ Emc Idpa Dp8300 Version-
Dell ≫ Emc Idpa Dp8800 Version-
Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.1
Dell ≫ Emc Idpa Dp4400 Version-
Dell ≫ Emc Idpa Dp5800 Version-
Dell ≫ Emc Idpa Dp8300 Version-
Dell ≫ Emc Idpa Dp8800 Version-
Dell ≫ Emc Idpa Dp5800 Version-
Dell ≫ Emc Idpa Dp8300 Version-
Dell ≫ Emc Idpa Dp8800 Version-
Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.2
Dell ≫ Emc Idpa Dp4400 Version-
Dell ≫ Emc Idpa Dp5800 Version-
Dell ≫ Emc Idpa Dp8300 Version-
Dell ≫ Emc Idpa Dp8800 Version-
Dell ≫ Emc Idpa Dp5800 Version-
Dell ≫ Emc Idpa Dp8300 Version-
Dell ≫ Emc Idpa Dp8800 Version-
Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.3
Dell ≫ Emc Idpa Dp4400 Version-
Dell ≫ Emc Idpa Dp5800 Version-
Dell ≫ Emc Idpa Dp8300 Version-
Dell ≫ Emc Idpa Dp8800 Version-
Dell ≫ Emc Idpa Dp5800 Version-
Dell ≫ Emc Idpa Dp8300 Version-
Dell ≫ Emc Idpa Dp8800 Version-
Dell ≫ Emc Integrated Data Protection Appliance Firmware Version2.4
Dell ≫ Emc Idpa Dp4400 Version-
Dell ≫ Emc Idpa Dp5800 Version-
Dell ≫ Emc Idpa Dp8300 Version-
Dell ≫ Emc Idpa Dp8800 Version-
Dell ≫ Emc Idpa Dp5800 Version-
Dell ≫ Emc Idpa Dp8300 Version-
Dell ≫ Emc Idpa Dp8800 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.39% | 0.844 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| security_alert@emc.com | 9.1 | 2.3 | 6 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.