CVE-2017-14383

6.1MEDIUM

Key Information:

Vendor: Dell
Status: Dell Emc Vnx2 Versions Prior To Operating Environment For File 8.1.9.217 And Dell Emc Vnx1 Versions Prior To Operating Environment For File 7.1.80.8
Vendor: CVE Published:; 4 January 2018

Summary

In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application.

Affected Version(s)

Dell EMC VNX2 prior to Operating Environment for File 8.1.9.217 and Dell EMC VNX1 prior to Operating Environment for File 7.1.80.8 Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and Dell EMC VNX1 versions prior to Operating Environment for File 7.1.80.8

References

http://seclists.org/fulldisclosure/2017/Dec/87

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 4, 2018
Vulnerability Reserved
Sep 12, 2017