CVE-2019-9509

Name of the Vulnerable Software and Affected Versions Vertiv Avocent UMG-4000 version 4.2.1.19

Description The web interface is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying it to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code.

Recommendations For Vertiv Avocent UMG-4000 version 4.2.1.19, consider disabling the HTTP POST parameter that is vulnerable to reflected XSS as a temporary workaround until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. Avoid using user-controllable input in the web application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.