DSA-2019-125: Dell EMC Unity and VNXe3200 Family Reflected Cross-Site Scripting Vulnerability
Impact
Medium
Details
Summary: Dell EMC Unity and VNXe3200 contain fixes for a Reflected Cross-site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Reflected Cross-Site Scripting Vulnerability
CVE-2019-3754
Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the victim and executed by the web browser.
CVSS v3.0 Base Score: 4.7 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
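To triage an inventory against the affected-version ranges stated above, the following added example (not part of the Dell advisory) compares installed versions with the fixed versions for CVE-2019-3754. The fixed-version strings come from the advisory; the host names, the inventory rows and the function names are constructed for illustration.

```python
# Added example: version triage for CVE-2019-3754 (DSA-2019-125).
# Fixed versions are taken from the advisory text; everything else is constructed.
FIXED = {
    "unity": "5.0.0.0.5.116",
    "unityvsa": "5.0.0.0.5.116",
    "vnxe3200": "3.1.10.9946299",
}

def parse_version(text):
    """Turn a dotted numeric version into a tuple of ints, rejecting anything else."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True when the installed version is prior to the fixed version for that product."""
    key = product.strip().lower().replace(" ", "")
    if key not in FIXED:
        raise KeyError(f"product not covered by this advisory: {product!r}")
    installed, fixed = parse_version(version), parse_version(FIXED[key])
    # Pad the shorter tuple with zeros so both sides compare field by field.
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return installed < fixed

def triage(rows):
    """Map (host, product, version) rows to (host, status) findings."""
    findings = []
    for host, product, version in rows:
        try:
            status = "affected" if is_affected(product, version) else "fixed"
        except (KeyError, ValueError):
            status = "unknown"  # unparseable or out-of-scope entry: needs a manual check
        findings.append((host, status))
    return findings

# Constructed sample inventory (hosts and installed versions are not from the advisory).
INVENTORY = [
    ("stor-01", "Unity", "4.5.1.0.5.001"),
    ("stor-02", "UnityVSA", "5.0.0.0.5.116"),
    ("stor-03", "VNXe3200", "3.1.8.9340299"),
    ("stor-04", "VNXe3200", "3.1.10.9946299"),
    ("stor-05", "Unity", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY):
        print(f"{host}: {status}")
```

Entries reported as `unknown` should be checked by hand rather than assumed fixed.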