CVE-2019-3754

Name of the Vulnerable Software and Affected Versions Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116 Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 Dell EMC VNXe3200 versions prior to 3.1.10.9946299

Description The issue is related to a reflected cross-site scripting vulnerability on the "cas/logout" page. A remote unauthenticated attacker could exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the victim and executed by the web browser.

Recommendations For Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, update to version 5.0.0.0.5.116 or later. For Dell EMC UnityVSA versions prior to 5.0.0.0.5.116, update to version 5.0.0.0.5.116 or later. For Dell EMC VNXe3200 versions prior to 3.1.10.9946299, update to version 3.1.10.9946299 or later.