DSA-2022-138: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for a Cross-Site Scripting Vulnerability
Resumo: Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for a Cross-Site Scripting Vulnerability that may be exploited by malicious users to compromise the affected system. ...
Este artigo aplica-se a
Este artigo não se aplica a
Este artigo não está vinculado a nenhum produto específico.
Nem todas as versões do produto estão identificadas neste artigo.
Impacto
Critical
Dados
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-29091 | Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere UI. An Unauthenticated Remote Attacker may potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-29091 | Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere UI. An Unauthenticated Remote Attacker may potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Produtos afetados e soluções
| Products | Affected Versions | Updated Versions | Link to Update |
| Dell Unity Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers |
| Dell UnityVSA Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | |
| Dell Unity XT Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 |
| Products | Affected Versions | Updated Versions | Link to Update |
| Dell Unity Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers |
| Dell UnityVSA Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | |
| Dell Unity XT Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 |
Histórico de revisão
| Revision | Date | More Information |
| 1.0 | 2022-05-11 | Initial Release |
Agradecimentos
CVE-2022-29091: Dell Technologies would like to thank codedunited for reporting this issue.
Informações relacionadas
Aviso de isenção legal
Produtos afetados
Dell EMC Unity, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550FProdutos
Product Security Information, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F
, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC Unity Family
...
Propriedades do artigo
Número do artigo: 000199446
Tipo de artigo: Dell Security Advisory
Último modificado: 11 mai. 2022
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.