The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected cross site scripting
CVE-2019-9509

6.3MEDIUM

Key Information:

Vendor: Vertiv
Status: Avocent Umg-4000
Vendor: CVE Published:; 30 March 2020

What is CVE-2019-9509?

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code.

Affected Version(s)

Avocent UMG-4000 4.2.1.19

References

https://www.vertiv.com/en-us/support/software-download/it...

x_refsource_MISC

https://www.vertiv.com/en-us/support/software-download/so...

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2020
Vulnerability Reserved
Mar 1, 2019

JSON