Article Number: 000199446
Critical
Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
CVE-2022-29091 | Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere UI. An Unauthenticated Remote Attacker may potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
CVE-2022-29091 | Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere UI. An Unauthenticated Remote Attacker may potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Products | Affected Versions | Updated Versions | Link to Update |
Dell Unity Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers |
Dell UnityVSA Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | |
Dell Unity XT Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 |
Products | Affected Versions | Updated Versions | Link to Update |
Dell Unity Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers |
Dell UnityVSA Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | |
Dell Unity XT Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 |
CVE-2022-29091: Dell Technologies would like to thank codedunited for reporting this issue.
Revision | Date | More Information |
1.0 | 2022-05-11 | Initial Release |
Dell EMC Unity, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F
11 May 2022
1
Dell Security Advisory