Article Number: 000153805
Critical
Summary:
Dell EMC Unisphere for PowerMax and PowerMax OS releases remediate an XSS vulnerability that may be exploited by malicious users to compromise the affected system.
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users sessions.
CVSS v3.0 Base Score: 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users sessions.
CVSS v3.0 Base Score: 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Affected products:
Remediation:
The following Dell EMC Unisphere for PowerMax releases address this vulnerability:
Dell EMC recommends all customers upgrade at the earliest opportunity.
Affected products:
Remediation:
The following Dell EMC Unisphere for PowerMax releases address this vulnerability:
Dell EMC recommends all customers upgrade at the earliest opportunity.
Dell would like to thank Tomasz Stachowicz for reporting this vulnerability.
Unisphere for PowerMax
PowerMax 2000, PowerMax 8000, PowerMaxOS 5978, Product Security Information, Unisphere for PowerMax, VMAX, VMAX 250F, VMAX 450F, VMAX 850F, VMAX 950F
20 Nov 2020
Dell Security Advisory