DSA-2025-047: Security Update for Dell Update Manager Plugin Vulnerability
Zhrnutie: Dell Update Manager Plugin (UMP) remediation is available for a security vulnerability that could be exploited by malicious users to compromise the affected system.
Dosah
Low
Podrobnosti
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-22402 |
Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. |
2.6 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-22402 |
Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. |
2.6 |
Dotknuté produkty a riešenie problému
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Update Manager Plugin |
Versions 1.5.0 through 1.6.0 |
Version 1.7.0 |
Dell OpenManage Enterprise Update Managerv1.7 | Driver Details | Dell US |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Update Manager Plugin |
Versions 1.5.0 through 1.6.0 |
Version 1.7.0 |
Dell OpenManage Enterprise Update Managerv1.7 | Driver Details | Dell US |
No action required from the customer if UMP version 1.7.0 is already installed by the customer. However, we recommend following the workaround mentioned above.
Alternatívne riešenia a zmiernenia
|
CVE ID |
Workaround and Mitigation |
|
CVE-2025-22402 |
Sanitization done with user input |
História revízií
|
Revision |
Date |
Description |
|
1.0 |
2025-02-06 |
Initial Release |