Christy_Mathew
1 Copper

Is Clariion affected by CVE-2014-0094 ??

Hi, Is Clariion affected by CVE-2014-0094 ?? I  have researched, but couldnt find anything relevant for this CVE .. please help me

Labels (1)
Tags (3)
0 Kudos
2 Replies
8 Krypton

Re: Is Clariion affected by CVE-2014-0094 ??

So far EMC hasn't released any information about this vulnerability. Refer to EMC Security Advisories All EMC Products - Current Year

Monitoring and Reporting and Watch4net embeds a version of Apache Struts that has known security vulnerabilities. But it had been fixed by an updated version (Watch4Net 6.2u4 and Monitoring and Reporting 1.1u1).

https://support.emc.com/kb/172469

0 Kudos
Christy_Mathew
1 Copper

Re: Is Clariion affected by CVE-2014-0094 ??

well.. that helped.. however customer  was looking whether SMARTS 9.2.2 is affected by CVE-2014-0094

i have got below info reg SMARTS


AS per CVE-2013-0936

Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts Server Manager, Smarts VoIP Availability Manager, Smarts Network Protocol Manager, and Smarts MPLS Manager before 9.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Affected products:

EMC Smarts Product versions prior to 9.2

  • EMC Smarts IP Manager

  • EMC Smarts Service Assurance Manager

  • EMC Smarts Server Manager all versions

  • EMC Smarts VoIP Availability Manager

  • EMC Smarts Network Protocol Manager

  • EMC Smarts MPLS Manager

Summary:

EMC Smarts Product versions prior to the 9.2 version contain a so-called Cross-site scripting vulnerability that could potentially be exploited by malicious users.

Details:

The Cross-site scripting vulnerability referenced above could be potentially exploited by a malicious attacker for conducting scripting attacks in EMC Smarts Products. The vulnerability could be exploited by getting an authenticated user to click on specially-crafted links that a malicious attacker can embed within an email, web page or other source. This may lead to execution of malicious html requests or scripts in the context of the authenticated user.

Resolution:

EMC Smarts version 9.2 products contain the resolution to this issue. EMC strongly recommends all customers upgrade at the earliest opportunity.

---------------------------------------------------------------------------------------

0 Kudos