CVE-2023-44301

2023-12-0409:15:36

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-44301

dell

dm5500

reflected xss

vulnerability

security

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.4%

JSON

Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user’s web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Affected configurations

NVD

Node

dellpowerprotect_data_manager_dm5500_firmwareRange≤5.14.0.0

AND

dellpowerprotect_data_manager_dm5500Match-

CPENameOperatorVersion
dell:powerprotect_data_manager_dm5500_firmwaredell powerprotect data manager dm5500 firmwarele5.14.0.0

CPE	Name	Operator	Version
dell:powerprotect_data_manager_dm5500_firmware	dell powerprotect data manager dm5500 firmware	le	5.14.0.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell PowerProtect Data Manager DM5500 Appliance",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "DM5500 5.14 and below"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities