Cross-Site Scripting Flaw in Fujitsu ServerView Suite iRMC
CVE-2020-17457

5.4MEDIUM

Key Information:

Vendor

Fujitsu

Status
Serverview Remote Management
Vendor
CVE Published:
17 March 2021

What is CVE-2020-17457?

The Fujitsu ServerView Suite iRMC is susceptible to a Cross-Site Scripting (XSS) vulnerability that enables authenticated attackers to inject malicious JavaScript code. The vulnerability occurs when an attacker stores an XSS payload in the PSCU_FILE_INIT field of a Save Configuration XML document. This payload is executed when users encounter HTTP error response pages, potentially leading to unauthorized access and exploitation of sensitive data.

References

https://www.gruppotim.it/redteam
x_refsource_MISC
https://support.ts.fujitsu.com/IndexDownload.asp?Software...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2020-17457 : Cross-Site Scripting Flaw in Fujitsu ServerView Suite iRMC