DSA-2020-277: Dell EMC Unisphere PowerMax Cross-Site Scripting (XSS) Vulnerability
Summary: Dell EMC Unisphere PowerMax contains remediation for a Cross-Site Scripting (XSS) Vulnerability that could be exploited by malicious users to compromise the affected system.
Impact
Medium
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2020-35170 | Dell EMC Unisphere for PowerMax versions prior to 9.1.0.24 contain a Stored Cross-Site Scripting vulnerability. A remote, authenticated attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Affected Products and Remediation
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Unisphere for PowerMax | Versions prior to 9.1.0.24 | 9.1.0.24 EEM: 9.1.0.853 | https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| Unisphere for PowerMax | Versions prior to 9.2.0.6 | 9.2.0.6 EEM: 9.2.0.1018 | https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
| PowerMax OS | 5978 | 5978 | Request OPT 577141 Request OPT 576388 |
Workarounds and Mitigations
Any chart or dashboard with stored cross-site scripting needs to be deleted to remove the stored XSS.
Revision History
| Revision | Date | Description |
| 1.0 | 2020-12-14 | Initial Release |
Acknowledgements
Dell would like to thank Tomasz Stachowicz and Przemek Nowakowski for reporting this issue.
Affected Products
PowerMaxOS 5978, Unisphere for PowerMax
Article Properties
Article Number: 000181212
Article Type: Dell Security Advisory
Last Modified: 17 Dec 2020