DSA-2020-277: Dell EMC Unisphere PowerMax Cross-Site Scripting (XSS) Vulnerability
摘要: Dell EMC Unisphere PowerMax contains remediation for a Cross-Site Scripting (XSS) Vulnerability that could be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
Medium
詳細資料
| Proprietary Code CVE(s) | Description | CVSSBase Score | CVSS Vector String |
| CVE-2020-35170 |
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.24 contain a Stored Cross-Site Scripting vulnerability. A remote, authenticated attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| Proprietary Code CVE(s) | Description | CVSSBase Score | CVSS Vector String |
| CVE-2020-35170 |
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.24 contain a Stored Cross-Site Scripting vulnerability. A remote, authenticated attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
受影響的產品與補救措施
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Unisphere for PowerMax | Versions prior to 9.1.0.24 | 9.1.0.24 EEM: 9.1.0.853 |
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| Unisphere for PowerMax | Versions prior to 9.2.0.6 | 9.2.0.6 EEM: 9.2.0.1018 |
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| PowerMax OS | 5978 | 5978 | Request OPT 577141 Request OPT 576388 |
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Unisphere for PowerMax | Versions prior to 9.1.0.24 | 9.1.0.24 EEM: 9.1.0.853 |
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| Unisphere for PowerMax | Versions prior to 9.2.0.6 | 9.2.0.6 EEM: 9.2.0.1018 |
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| PowerMax OS | 5978 | 5978 | Request OPT 577141 Request OPT 576388 |
因應措施與緩解措施
Any chart or dashboard with stored cross-site scripting needs to be deleted to remove the stored XSS.
修訂歷史記錄
| Revision | Date | Description |
| 1.0 | 2020-12-14 | Initial Release |
感謝
Dell would like to thank Tomasz Stachowicz and Przemek Nowakowski for reporting this issue.
相關資訊
法律免責聲明
受影響的產品
PowerMaxOS 5978, Unisphere for PowerMax文章屬性
文章編號: 000181212
文章類型: Dell Security Advisory
上次修改時間: 17 12月 2020
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。