Lucene search

[email protected]CVE-2015-0513

HistoryJan 21, 2015 - 3:17 p.m.

CVE-2015-0513

2015-01-2115:17:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-0513

cross-site scripting

xss

emc m&r

vipr srm

security vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

34.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.

Affected configurations

NVD

Node

emcwatch4netRange≤6.5

Node

emcvipr_srmRange≤3.6.0

VendorProductVersionCPE
emcwatch4netcpe:/a:emc:watch4net::::

Vendor	Product	Version	CPE
emc	watch4net		cpe:/a:emc:watch4net::::

References

archives.neohapsis.com/archives/bugtraq/2015-01/0092.html

www.securityfocus.com/bid/72259

www.securitytracker.com/id/1031567

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

34.7%

JSON

Related for CVE-2015-0513

prion1 zdt3 packetstorm3 securityvulns5 nvd1 cvelist1 openvas1