Remote Cross-Site Scripting Vulnerability in HPE 3PAR StoreServ Management Software
CVE-2019-5403

4.8MEDIUM

Key Information:

Vendor: HP
Status: HP 3par Storeserv Management And Core Software Media
Vendor: CVE Published:; 9 August 2019

Summary

A remote multiple cross-site scripting vulnerability has been identified in the HPE 3PAR StoreServ Management and Core Software. This flaw affects versions prior to 3.5.0.1, allowing attackers to inject malicious scripts into the application, potentially compromising user data and session integrity. The vulnerability poses a risk to users interacting with the affected software, and it is vital for users to apply necessary updates to mitigate this security issue.

Affected Version(s)

HPE 3PAR StoreServ Management and Core Software Media prior to 3.5.0.1

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 9, 2019
Vulnerability Reserved
Jan 4, 2019