CVE-2019-18588

EPSS 0.53%
Veröffentlicht 10.01.2020 19:15:11
Zuletzt bearbeitet 21.11.2024 04:33:20
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Emc Powermax Version5978.221.221

Dell ≫ Emc Powermax Version5978.479.479

Dell ≫ Emc Unisphere For Powermax Version < 9.0.2.16

Dell ≫ Emc Unisphere For Powermax Version >= 9.1.0.0 < 9.1.0.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.657

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
security_alert@emc.com	9	2.3	6	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-18588

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18588

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18588

EUVD