8.4

CVE-2019-3747

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.

Data is provided by the National Vulnerability Database (NVD)
DellEmc Integrated Data Protection Appliance Firmware Version2.0
   DellEmc Idpa Dp4400 Version-
   DellEmc Idpa Dp5800 Version-
   DellEmc Idpa Dp8300 Version-
   DellEmc Idpa Dp8800 Version-
DellEmc Integrated Data Protection Appliance Firmware Version2.1
   DellEmc Idpa Dp4400 Version-
   DellEmc Idpa Dp5800 Version-
   DellEmc Idpa Dp8300 Version-
   DellEmc Idpa Dp8800 Version-
DellEmc Integrated Data Protection Appliance Firmware Version2.2
   DellEmc Idpa Dp4400 Version-
   DellEmc Idpa Dp5800 Version-
   DellEmc Idpa Dp8300 Version-
   DellEmc Idpa Dp8800 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.45% 0.608
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.8 1.7 2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
security_alert@emc.com 8.4 1.7 6
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.