DSA-2020-277: Dell EMC Unisphere PowerMax Cross-Site Scripting (XSS) Vulnerability
Riepilogo: Dell EMC Unisphere PowerMax contains remediation for a Cross-Site Scripting (XSS) Vulnerability that could be exploited by malicious users to compromise the affected system.
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Impatto
Medium
Dettagli
| Proprietary Code CVE(s) | Description | CVSSBase Score | CVSS Vector String |
| CVE-2020-35170 |
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.24 contain a Stored Cross-Site Scripting vulnerability. A remote, authenticated attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| Proprietary Code CVE(s) | Description | CVSSBase Score | CVSS Vector String |
| CVE-2020-35170 |
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.24 contain a Stored Cross-Site Scripting vulnerability. A remote, authenticated attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Prodotti interessati e correzione
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Unisphere for PowerMax | Versions prior to 9.1.0.24 | 9.1.0.24 EEM: 9.1.0.853 |
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| Unisphere for PowerMax | Versions prior to 9.2.0.6 | 9.2.0.6 EEM: 9.2.0.1018 |
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| PowerMax OS | 5978 | 5978 | Request OPT 577141 Request OPT 576388 |
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Unisphere for PowerMax | Versions prior to 9.1.0.24 | 9.1.0.24 EEM: 9.1.0.853 |
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| Unisphere for PowerMax | Versions prior to 9.2.0.6 | 9.2.0.6 EEM: 9.2.0.1018 |
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| PowerMax OS | 5978 | 5978 | Request OPT 577141 Request OPT 576388 |
Soluzioni alternative e mitigazioni
Any chart or dashboard with stored cross-site scripting needs to be deleted to remove the stored XSS.
Cronologia delle revisioni
| Revision | Date | Description |
| 1.0 | 2020-12-14 | Initial Release |
Ringraziamenti
Dell would like to thank Tomasz Stachowicz and Przemek Nowakowski for reporting this issue.
Informazioni correlate
Dichiarazione di non responsabilità
Prodotti interessati
PowerMaxOS 5978, Unisphere for PowerMaxProprietà dell'articolo
Numero articolo: 000181212
Tipo di articolo: Dell Security Advisory
Ultima modifica: 17 dic 2020
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.