PT-2021-11719 · Dell Emc · Dell Emc Unisphere For Powermax+1
Published
2021-01-05
·
Updated
2021-01-08
·
CVE-2020-35170
CVSS v3.1
6.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions:
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9
Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16
Dell EMC PowerMax OS 5978.221.221
Dell EMC PowerMax OS 5978.479.479
Description:
The issue is a Cross-Site Scripting (XSS) vulnerability that can be exploited by an authenticated malicious user to inject javascript code, potentially affecting other authenticated users' sessions.
Recommendations:
For Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, update to version 9.1.0.9 or later.
For Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, update to version 9.0.2.16 or later.
For Dell EMC PowerMax OS 5978.221.221 and 5978.479.479, consider disabling any functionality that may be used to inject javascript code until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Emc Powermax Os
Dell Emc Unisphere For Powermax