Lucene search

DellCVE-2019-18588

HistoryJan 10, 2020 - 7:15 p.m.

CVE-2019-18588

2020-01-1019:15:11

CWE-79

dell

web.nvd.nist.gov

102

dell emc

unisphere

powermax

xss

vulnerability

authenticated user

javascript code

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users’ sessions.

Affected configurations

Nvd

Vulners

Node

dellemc_powermaxMatch5978.221.221

dellemc_powermaxMatch5978.479.479

dellemc_unisphere_for_powermaxRange<9.0.2.16

dellemc_unisphere_for_powermaxRange9.1.0.0–9.1.0.9

VendorProductVersionCPE
dellemc_powermax5978.221.221cpe:2.3:a:dell:emc_powermax:5978.221.221:*:*:*:*:*:*:*
dellemc_powermax5978.479.479cpe:2.3:a:dell:emc_powermax:5978.479.479:*:*:*:*:*:*:*
dellemc_unisphere_for_powermax*cpe:2.3:a:dell:emc_unisphere_for_powermax:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_powermax	5978.221.221	cpe:2.3:a:dell:emc_powermax:5978.221.221:::::::*
dell	emc_powermax	5978.479.479	cpe:2.3:a:dell:emc_powermax:5978.479.479:::::::*
dell	emc_unisphere_for_powermax	*	cpe:2.3:a:dell:emc_unisphere_for_powermax::::::::

CNA Affected

[
  {
    "product": "Unisphere for PowerMax",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "9.1.0.9 and 9.0.2.16",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2019-18588