DSA-2022-138: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for a Cross-Site Scripting Vulnerability
요약: Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for a Cross-Site Scripting Vulnerability that may be exploited by malicious users to compromise the affected system. ...
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Critical
세부 정보
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-29091 | Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere UI. An Unauthenticated Remote Attacker may potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-29091 | Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere UI. An Unauthenticated Remote Attacker may potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
영향을 받는 제품 및 문제 해결
| Products | Affected Versions | Updated Versions | Link to Update |
| Dell Unity Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers |
| Dell UnityVSA Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | |
| Dell Unity XT Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 |
| Products | Affected Versions | Updated Versions | Link to Update |
| Dell Unity Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers |
| Dell UnityVSA Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | |
| Dell Unity XT Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 |
개정 내역
| Revision | Date | More Information |
| 1.0 | 2022-05-11 | Initial Release |
감사의 말
CVE-2022-29091: Dell Technologies would like to thank codedunited for reporting this issue.
관련 정보
법적 고지 사항
해당 제품
Dell EMC Unity, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F제품
Product Security Information, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F
, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC Unity Family
...
문서 속성
문서 번호: 000199446
문서 유형: Dell Security Advisory
마지막 수정 시간: 11 5월 2022
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.