Описание
Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.80.80.80 (исключая)Версия до 5.00.00.00 (исключая)
Одно из
cpe:2.3:o:dell:emc_idrac8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_idrac9_firmware:*:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00484
Низкий
4.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-74
CWE-74
Связанные уязвимости
github
больше 3 лет назад
Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate.
EPSS
Процентиль: 65%
0.00484
Низкий
4.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-74
CWE-74