Dell EMC XtremIO XMS Security Vulnerability

Dell EMC XtremIO XMS is a suite of XtremIO Enterprise Storage Platform management software from Dell USA. A security vulnerability exists in Dell EMC XtremIO XMS versions prior to 6-4-1.11. A remote, read-only user may be able to exploit this vulnerability to enforce the add or remove QoS Quality...

CVE-2019-18577

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access...

CVE-2019-18576

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user...

CVE-2019-18577

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access...

Cross site scripting

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through...

CVE-2019-18577

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access...

CVE-2019-18578

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through...