CVE-2019-3747

Published: Sep 27, 2019Modified: Nov 21, 2024

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.

Affected (3)

Products: Dell: Emc Integrated Data Protection Appliance Firmware

Dell

1 product

Emc Integrated Data Protection Appliance Firmware

Configuration A

3 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Dell Emc Integrated Data Protection Appliance Firmware	Version 2.0
Dell Emc Integrated Data Protection Appliance Firmware	Version 2.1
Dell Emc Integrated Data Protection Appliance Firmware	Version 2.2

Running on/with	Platform Versions
Dell Emc Idpa Dp4400	All versions
Dell Emc Idpa Dp5800	All versions
Dell Emc Idpa Dp8300	All versions
Dell Emc Idpa Dp8800	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.