DSA-2022-138: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for a Cross-Site Scripting Vulnerability
Summary: Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for a Cross-Site Scripting Vulnerability that may be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-29091 | Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere UI. An Unauthenticated Remote Attacker may potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-29091 | Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere UI. An Unauthenticated Remote Attacker may potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Affected Products & Remediation
| Products | Affected Versions | Updated Versions | Link to Update |
| Dell Unity Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers |
| Dell UnityVSA Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | |
| Dell Unity XT Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 |
| Products | Affected Versions | Updated Versions | Link to Update |
| Dell Unity Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers |
| Dell UnityVSA Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | |
| Dell Unity XT Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 |
Revision History
| Revision | Date | More Information |
| 1.0 | 2022-05-11 | Initial Release |
Acknowledgements
CVE-2022-29091: Dell Technologies would like to thank codedunited for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
Dell EMC Unity, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550FProducts
Product Security Information, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F
, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC Unity Family
...
Article Properties
Article Number: 000199446
Article Type: Dell Security Advisory
Last Modified: 11 May 2022
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.