PT-2019-12674 · Emerson Network Power · Emerson Network Power Liebert Challenger

Kubilay Onur Gungor

Publicado

2019-05-22

Atualizado

2019-05-27

CVE-2019-12167

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Emerson Network Power Liebert Challenger version 5.1E0.5

Description The issue concerns a problem with the httpGetSet/httpGet.htm page on Emerson Network Power Liebert Challenger devices, where an XSS attack can be performed via the statusstr parameter.

Recommendations For Emerson Network Power Liebert Challenger version 5.1E0.5, avoid using the statusstr parameter in the httpGetSet/httpGet.htm page until the issue is resolved. As a temporary workaround, consider restricting access to the httpGetSet/httpGet.htm page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-12167

Produtos afetados

Emerson Network Power Liebert Challenger

PT-2019-12674 · Emerson Network Power · Emerson Network Power Liebert Challenger

CVE-2019-12167

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5