CVE-2017-14383

Опубликовано: 04 янв. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application.

Ссылки

http://seclists.org/fulldisclosure/2017/Dec/87
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2017/Dec/87
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dell:emc_vnx2_firmware:*:*:*:*:*:*:*:*

Версия до 8.1.9.217 (исключая)

cpe:2.3:h:dell:emc_vnx2:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:dell:emc_vnx1_firmware:*:*:*:*:*:*:*:*

Версия до 7.1.80.8 (исключая)

cpe:2.3:h:dell:emc_vnx1:-:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00177

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fgjc-cm3r-fp83