CVE-2019-14415

Опубликовано: 29 июл. 2019

Источник: nvd

CVSS3: 5.9

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to.

Ссылки

http://packetstormsecurity.com/files/153842/Veritas-Resiliency-Platform-VRP-Traversal-Command-Execution.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Jul/39
Broken Link
Mailing List
Third Party Advisory
https://www.veritas.com/content/support/en_US/security/VTS19-002.html#Issue4
Vendor Advisory
http://packetstormsecurity.com/files/153842/Veritas-Resiliency-Platform-VRP-Traversal-Command-Execution.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Jul/39
Broken Link
Mailing List
Third Party Advisory
https://www.veritas.com/content/support/en_US/security/VTS19-002.html#Issue4
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:veritas:resiliency_platform:*:*:*:*:*:*:*:*

Версия до 3.3.2 (исключая)

cpe:2.3:a:veritas:resiliency_platform:3.3.2:-:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00369

Низкий

5.9 Medium

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-7f23-3wc5-hhr9

CVSS3: 4.8

github

больше 3 лет назад

EPSS

Процентиль: 58%

0.00369

Низкий

5.9 Medium

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79