CVE-2019-0130

Published: Jun 13, 2019Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 4.0

Source: NVD

Description

Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.

Affected (5)

Products: Intel: Rapid Storage Technology Enterprise · Lenovo: Thinkstation P520 Firmware, Thinkstation P520c Firmware, Thinkstation P720 Firmware, Thinkstation P920 Firmware

Intel

1 product

Rapid Storage Technology Enterprise

Lenovo

4 products

Thinkstation P520 Firmware

Thinkstation P520c Firmware

Thinkstation P720 Firmware

Thinkstation P920 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Intel Rapid Storage Technology Enterprise	Before 5.5.0.2015

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P520 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkstation P520	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P520c Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkstation P520c	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P720 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkstation P720	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P920 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkstation P920	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://www.securityfocus.com/bid/108775

Source: secure@intel.com

Broken LinkThird Party AdvisoryVDB Entry

https://support.lenovo.com/us/en/product_security/LEN-27843

Source: secure@intel.com

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html

Source: secure@intel.com

PatchVendor Advisory

http://www.securityfocus.com/bid/108775

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://support.lenovo.com/us/en/product_security/LEN-27843

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.