
Article Number: 000001761


DSA-2019-125: Dell EMC Unity and VNXe3200 Family Reflected Cross-Site Scripting Vulnerability

Article Content


Impact

Medium

Details

Summary: 
Dell EMC Unity and VNXe3200 contain fixes for a Reflected Cross-site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.

  • Reflected Cross-Site Scripting Vulnerability
CVE-2019-3754

Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the victim and executed by the web browser.

CVSS v3.0 Base Score: 4.7 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Affected Products: 
Dell EMC Unity Operating Environment (OE) versions prior to 5.0.0.0.5.116
Dell EMC UnityVSA Operating Environment (OE) versions prior to 5.0.0.0.5.116
Dell EMC VNXe3200 Operating Environment (OE) versions prior to 3.1.10.9946299


Remediation:
The following Dell EMC Unity and VNXe3200 releases contain resolutions to this vulnerability:
  • Dell EMC Unity Operating Environment (OE) version 5.0.0.0.5.116
  • Dell EMC UnityVSA Operating Environment (OE) versions 5.0.0.0.5.116
  • Dell EMC VNXe3200 Operating Environment (OE) versions 3.1.10.9946299

To take advantage of the latest security fixes and enhancements, Dell EMC recommends upgrading to the latest OE code, found here: https://support.emc.com/docu39695_Target_Revisions_and_Adoption_Rates.pdf?language=en_US&language=en_US

Registered Dell EMC Support customers can download Unity software from the EMC Online Support site:
https://support.emc.com/downloads/39949_Dell-EMC-Unity-Family
https://support.emc.com/downloads/30951_VNXe3200
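
The following added example (not Dell's code or part of the original advisory) triages an array inventory against the fixed releases listed above. It assumes OE version strings compare numerically component by component; the host names and installed versions in the sample inventory are constructed.

```python
# Fixed releases as stated in DSA-2019-125; anything lower is affected.
FIXED = {
    "unity": (5, 0, 0, 0, 5, 116),
    "unityvsa": (5, 0, 0, 0, 5, 116),
    "vnxe3200": (3, 1, 10, 9946299),
}

def parse_version(text):
    """Turn '5.0.0.0.5.116' into a tuple of ints; ValueError if malformed."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable OE version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True if `version` is prior to the fixed release for `product`."""
    fixed = FIXED[product.strip().lower()]  # KeyError for products not in scope
    ver = parse_version(version)
    # Pad the shorter tuple with zeros so '5.0' compares as 5.0.0.0.0.0.
    # (Assumption: component-wise numeric ordering matches release ordering.)
    width = max(len(fixed), len(ver))
    return ver + (0,) * (width - len(ver)) < fixed + (0,) * (width - len(fixed))

def triage(inventory):
    """Split hosts into (affected, unknown); unknown needs manual review."""
    affected, unknown = [], []
    for host, product, version in inventory:
        try:
            if is_affected(product, version):
                affected.append(host)
        except (KeyError, ValueError):
            unknown.append(host)  # never silently treat bad data as patched
    return affected, unknown

# Constructed sample inventory: (host, product, installed OE version)
INVENTORY = [
    ("array-01", "Unity", "4.5.1.0.5.001"),
    ("array-02", "Unity", "5.0.0.0.5.116"),
    ("array-03", "UnityVSA", "5.0.0.0.5.115"),
    ("array-04", "VNXe3200", "3.1.10.9946299"),
    ("array-05", "VNXe3200", "3.1.8.9340299"),
    ("array-06", "Unity", "unknown"),
]

if __name__ == "__main__":
    affected, unknown = triage(INVENTORY)
    print("upgrade required:", affected)
    print("manual review:", unknown)
```

Hosts whose product or version cannot be parsed are reported separately rather than counted as patched.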
 


Acknowledgements

Dell would like to thank Konstantinos Alexiou and Nikolaos Aliferopoulos for reporting this vulnerability.

Article Properties


Affected Product

Dell EMC Unity Family

Product
Product Security Information, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity XT 480F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Family, Dell EMC Unity Hybrid, VNXe2 Series, VNXe3200 ...
Last Published Date

22 May 2021

Version

4

Article Type

Dell Security Advisory