CVE-2020-35170 - OpenCVE

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users’ sessions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Powermax Os Unisphere

Configuration 1 [-]

OR	cpe:2.3:a:dell:unisphere:::::::powermax:*
	cpe:2.3:a:dell:unisphere:::::::powermax:*
	cpe:2.3:o:dell:powermax_os:5978.221.221:::::::*
	cpe:2.3:o:dell:powermax_os:5978.479.479:::::::*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/000181212

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2021-01-05T21:40:26.349130Z

Updated: 2024-09-17T04:04:45.256Z

Reserved: 2020-12-11T00:00:00

Link: CVE-2020-35170

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-01-05T22:15:14.250

Modified: 2021-01-08T19:02:51.580

Link: CVE-2020-35170

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Unisphere for PowerMax", "vendor": "Dell", "versions": [{"lessThan": "9.1.0.24", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users\u2019 sessions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-05T21:40:26", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/kbdoc/000181212"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2020-12-17", "ID": "CVE-2020-35170", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Unisphere for PowerMax", "version": {"version_data": [{"version_affected": "<", "version_value": "9.1.0.24"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users\u2019 sessions."}]}, "impact": {"cvss": {"baseScore": 6.3, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/kbdoc/000181212", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/000181212"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:02:06.700Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/000181212"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2020-35170", "datePublished": "2021-01-05T21:40:26.349130Z", "dateReserved": "2020-12-11T00:00:00", "dateUpdated": "2024-09-17T04:04:45.256Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:unisphere:*:*:*:*:*:*:powermax:*", "matchCriteriaId": "1D61A241-DDF3-4403-84FB-B2D4AC67C6C9", "versionEndExcluding": "9.1.0.24", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unisphere:*:*:*:*:*:*:powermax:*", "matchCriteriaId": "1E5A2F53-4220-4579-80BD-87D23BBEFE9D", "versionEndExcluding": "9.2.0.6", "versionStartIncluding": "9.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powermax_os:5978.221.221:*:*:*:*:*:*:*", "matchCriteriaId": "9FCC20DE-A924-48A9-AA24-B7D3CC5389DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powermax_os:5978.479.479:*:*:*:*:*:*:*", "matchCriteriaId": "BE7FA9A5-6DB5-439A-AA28-B95AEEE9585C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users\u2019 sessions."}, {"lang": "es", "value": "Dell EMC Unisphere para PowerMax versiones anteriores a 9.1.0.9, Dell EMC Unisphere para PowerMax versiones anteriores a 9.0.2.16 y Dell EMC PowerMax OS versiones 5978.221.221 y 5978.479.479, contienen una vulnerabilidad de tipo Cross-Site Scripting (XSS). Un usuario malicioso autenticado puede potencialmente explotar esta vulnerabilidad para inyectar c\u00f3digo javascript y afectar las sesiones de otros usuarios autenticados"}], "id": "CVE-2020-35170", "lastModified": "2021-01-08T19:02:51.580", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2021-01-05T22:15:14.250", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/000181212"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security_alert@emc.com", "type": "Secondary"}]}