Vertiv Avocent UMG-4000 version 4.2.1.19 web interface is vulnerable to stored cross site scripting
CVE-2019-9508

6.3MEDIUM

Key Information:

Vendor: Vertiv
Status: Avocent Umg-4000
Vendor: CVE Published:; 30 March 2020

What is CVE-2019-9508?

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page.

Affected Version(s)

Avocent UMG-4000 4.2.1.19

References

https://www.vertiv.com/en-us/support/software-download/it...

x_refsource_MISC

https://www.vertiv.com/en-us/support/software-download/so...

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2020
Vulnerability Reserved
Mar 1, 2019

JSON