PT-2020-9973 · Dell Emc · Dell Emc Unisphere For Powermax+1
Published
2020-01-10
·
Updated
2020-01-22
·
CVE-2019-18588
CVSS v3.1
9.0
Critical
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9
Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16
Dell EMC PowerMax OS versions 5978.221.221 and 5978.479.479
Description:
The issue allows an authenticated malicious user to potentially inject javascript code and affect other authenticated users' sessions due to a Cross-Site Scripting (XSS) vulnerability.
Recommendations:
For Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, update to version 9.1.0.9 or later.
For Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, update to version 9.0.2.16 or later.
For Dell EMC PowerMax OS versions 5978.221.221 and 5978.479.479, update to a version that contains the fix for this issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Emc Powermax Os
Dell Emc Unisphere For Powermax