CVE-2018-1189

Name of the Vulnerable Software and Affected Versions Dell EMC Isilon versions 7.1.1.11 Dell EMC Isilon versions 7.2.1.x Dell EMC Isilon versions 8.0.0.0 through 8.0.0.6 Dell EMC Isilon versions 8.0.1.0 through 8.0.1.2 Dell EMC Isilon versions 8.1.0.0 through 8.1.0.1

Description The issue is a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

Recommendations For version 7.1.1.11, update to a version that is not affected by this issue. For versions 7.2.1.x, update to a version that is not affected by this issue. For versions 8.0.0.0 through 8.0.0.6, update to a version that is not affected by this issue. For versions 8.0.1.0 through 8.0.1.2, update to a version that is not affected by this issue. For versions 8.1.0.0 through 8.1.0.1, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the Antivirus Page within the OneFS web administration interface until a patch is available.