CVE-2019-18588

9CRITICAL

Key Information:

Vendor: Dell
Status: Unisphere For Powermax
Vendor: CVE Published:; 10 January 2020

Summary

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions.

Affected Version(s)

Unisphere for PowerMax < 9.1.0.9 and 9.0.2.16

References

https://www.dell.com/support/security/en-us/details/53980...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 10, 2020
Vulnerability Reserved
Oct 29, 2019