Article Number: 000181212


DSA-2020-277: Dell EMC Unisphere PowerMax Cross-Site Scripting (XSS) Vulnerability

Summary: Dell EMC Unisphere PowerMax contains remediation for a Cross-Site Scripting (XSS) Vulnerability that could be exploited by malicious users to compromise the affected system.

Article content


Impact

Medium

Details

Proprietary Code CVE(s): CVE-2020-35170
Description: Dell EMC Unisphere for PowerMax versions prior to 9.1.0.24 contain a Stored Cross-Site Scripting vulnerability. A remote, authenticated attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
CVSS Base Score: 6.3
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of the specific security vulnerabilities.

Affected Products and Remediation

Product Affected Version(s) Updated Version(s) Link to Update
Unisphere for PowerMax Versions prior to 9.1.0.24 9.1.0.24

EEM: 9.1.0.853
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Versions prior to 9.2.0.6 9.2.0.6

EEM: 9.2.0.1018
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers
PowerMax OS 5978 5978 Request OPT 577141

Request OPT 576388

Workarounds and Mitigations

Any chart or dashboard with stored cross-site scripting needs to be deleted to remove the stored XSS.

Acknowledgements

Dell would like to thank Tomasz Stachowicz and Przemek Nowakowski for reporting this issue.

Revision History

Revision  Date        Description
1.0       2020-12-14  Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

PowerMaxOS 5978, Unisphere for PowerMax

Last Published Date

17 Dec 2020

Version

1

Article Type

Dell Security Advisory