Описание
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead to configuration changes.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.5 (включая) до 3.6 (исключая)
cpe:2.3:a:dell:powerflex_presentation_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00138
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-345
CWE-345
Связанные уязвимости
github
больше 3 лет назад
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead to configuration changes.
EPSS
Процентиль: 34%
0.00138
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-345
CWE-345