CVE-2022-33935
https://notcve.org/view.php?id=CVE-2022-33935
Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell EMC Data Protection Advisor versiones 19.6 y anteriores, contienen una vulnerabilidad de tipo Cross Site Scripting Almacenado, un atacante podría explotar esta vulnerabilidad, conllevando a un almacenamiento de códigos HTML o JavaScript maliciosos en un almacén de datos de aplicaciones confiables. Cuando un usuario víctima accede al almacén de datos mediante su navegador, el código malicioso es ejecutado por el navegador web en el contexto de la aplicación web vulnerable. • https://www.dell.com/support/kbdoc/en-us/000201824/dsa-2022-107-dell-emc-data-protection-advisor-dpa-security-update-for-stored-cross-site-scripting-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-8211 – EMC Data Protection Advisor ImageServlet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-8211
EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 anterior al parche 446 tiene una vulnerabilidad de salto de ruta que puede ser potencialmente explotada por usuarios malintencionados para comprometer el sistema afectado. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ImageServlet servlet which listens on TCP ports 9002 and 9004. The issue lies in the failure to properly validate a user-supplied path prior to using it in file operations. • http://www.securityfocus.com/archive/1/540067/30/0/threaded http://www.securityfocus.com/bid/95833 http://www.securitytracker.com/id/1037729 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •