A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need administrative credentials on the affected device.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 13 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-13T18:15:57.514Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3464

cve-icon Vulnrichment

Updated: 2024-08-04T07:37:54.315Z

cve-icon NVD

Status : Modified

Published: 2020-08-17T18:15:13.680

Modified: 2024-11-21T05:31:07.440

Link: CVE-2020-3464

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.