PT-2019-16655 · Dell · Isilonsd Management Server
Jarrod Farncomb
·
Publicado
2019-04-17
·
Atualizado
2019-10-09
·
CVE-2019-3708
CVSS v3.1
9.6
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IsilonSD Management Server version 1.1.0
Description
The issue is related to a cross-site scripting vulnerability that occurs when uploading an OVA file. A remote attacker can exploit this to execute malicious HTML or JavaScript code in the context of an admin user by tricking the admin into performing certain actions.
Recommendations
For IsilonSD Management Server version 1.1.0, consider restricting access to the OVA file upload functionality until a fix is available. As a temporary workaround, avoid uploading OVA files from untrusted sources to minimize the risk of exploitation.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Isilonsd Management Server