CVE-2019-19632

Name of the Vulnerable Software and Affected Versions Big Switch Big Monitoring Fabric versions 6.2 through 6.2.4 Big Switch Big Monitoring Fabric versions 6.3 through 6.3.9 Big Switch Big Monitoring Fabric versions 7.0 through 7.0.3 Big Switch Big Monitoring Fabric versions 7.1 through 7.1.3 Big Cloud Fabric versions 4.5 through 4.5.5 Big Cloud Fabric versions 4.7 through 4.7.7 Big Cloud Fabric versions 5.0 through 5.0.1 Big Cloud Fabric versions 5.1 through 5.1.4 Multi-Cloud Director versions through 1.1.0

Description An issue allows an unauthenticated attacker to inject stored arbitrary JavaScript, which can be executed in the content viewed by authenticated administrators, resulting in a cross-site scripting (XSS) attack.

Recommendations For Big Switch Big Monitoring Fabric versions 6.2 through 6.2.4, update to a version outside of this range to mitigate the risk. For Big Switch Big Monitoring Fabric versions 6.3 through 6.3.9, update to a version outside of this range to mitigate the risk. For Big Switch Big Monitoring Fabric versions 7.0 through 7.0.3, update to a version outside of this range to mitigate the risk. For Big Switch Big Monitoring Fabric versions 7.1 through 7.1.3, update to a version outside of this range to mitigate the risk. For Big Cloud Fabric versions 4.5 through 4.5.5, update to a version outside of this range to mitigate the risk. For Big Cloud Fabric versions 4.7 through 4.7.7, update to a version outside of this range to mitigate the risk. For Big Cloud Fabric versions 5.0 through 5.0.1, update to a version outside of this range to mitigate the risk. For Big Cloud Fabric versions 5.1 through 5.1.4, update to a version outside of this range to mitigate the risk. For Multi-Cloud Director versions through 1.1.0, update to a version outside of this range to mitigate the risk.