Lucene search

[email protected]CVE-2009-1798

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2009-1798

2022-10-0316:23:59

CWE-79

[email protected]

web.nvd.nist.gov

cve

2009

1798

xss

vulnerabilities

apc

switched rack pdu

nmc

network management card

web script

html

remote attackers

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

75.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406.

Affected configurations

NVD

Node

apcnetwork_management_card

AND

apcswitched_rack_pdu

CPENameOperatorVersion
apc:network_management_cardapc network management cardeq*
apc:switched_rack_pduapc switched rack pdueq*

CPE	Name	Operator	Version
apc:network_management_card	apc network management card	eq	*
apc:switched_rack_pdu	apc switched rack pdu	eq	*

References

holisticinfosec.org/content/view/111/45/

nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887

secunia.com/advisories/37744

www.kb.cert.org/vuls/id/166739

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

75.1%

JSON

Related for CVE-2009-1798

cvelist2 prion2 nvd2 cert1 cve1