PT-2019-16694 · Dell Emc · Dell Emc Unityvsa+3
Published
2019-09-03
·
Updated
2019-10-09
·
CVE-2019-3754
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116
Dell EMC UnityVSA versions prior to 5.0.0.0.5.116
Dell EMC VNXe3200 versions prior to 3.1.10.9946299
Description
The issue is related to a reflected cross-site scripting vulnerability on the "cas/logout" page. A remote unauthenticated attacker could exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the victim and executed by the web browser.
Recommendations
For Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, update to version 5.0.0.0.5.116 or later.
For Dell EMC UnityVSA versions prior to 5.0.0.0.5.116, update to version 5.0.0.0.5.116 or later.
For Dell EMC VNXe3200 versions prior to 3.1.10.9946299, update to version 3.1.10.9946299 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Emc Unity Operating Environment
Dell Emc Unityvsa
Dell Emc Vnxe3200
Unisphere