Lucene search

[email protected]CVE-2022-33935

HistoryAug 30, 2022 - 9:15 p.m.

CVE-2022-33935

2022-08-3021:15:08

CWE-79

[email protected]

web.nvd.nist.gov

dell emc

data protection advisor

cve-2022-33935

stored cross site scripting

information disclosure

session theft

client-side request forgery

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.8%

JSON

Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Affected configurations

NVD

Node

dellemc_data_protection_advisorRange≤19.6

CPENameOperatorVersion
dell:emc_data_protection_advisordell emc data protection advisorle19.6

CPE	Name	Operator	Version
dell:emc_data_protection_advisor	dell emc data protection advisor	le	19.6

CNA Affected

[
  {
    "product": "Data Protection Advisor",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "19.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000201824/dsa-2022-107-dell-emc-data-protection-advisor-dpa-security-update-for-stored-cross-site-scripting-vulnerability

Social References