17 results (0.002 seconds)

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. Dell iDRAC9 6.00.02.00 y anteriores contienen una vulnerabilidad de validación de entrada incorrecta en Racadm cuando se establece la configuración de bloqueo del firmware. Un atacante remoto con privilegios elevados podría aprovechar esta vulnerabilidad para evitar la configuración de bloqueo del firmware y realizar una actualización del firmware. • https://www.dell.com/support/kbdoc/000205346 • CWE-20: Improper Input Validation •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. Dell EMC iDRAC9 versiones anteriores a 4.40.00.00, contiene una vulnerabilidad de autenticación inapropiada. Un usuario malicioso autenticado remoto con privilegios elevados podría explotar potencialmente esta vulnerabilidad para manipular el campo username en la sección comment y establecer el valor para cualquier usuario. • https://www.dell.com/support/kbdoc/000185293 • CWE-287: Improper Authentication CWE-602: Client-Side Enforcement of Server-Side Security •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. Dell EMC iDRAC9 versiones anteriores a 4.40.00.00, contienen múltiples vulnerabilidades de tipo cross-site scripting almacenado. Un usuario malicioso autenticado remoto con privilegios elevados podría explotar estas vulnerabilidades para almacenar código HTML o JavaScript malicioso por medio de múltiples parámetros afectados. • https://www.dell.com/support/kbdoc/000185293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. Dell EMC iDRAC9 versiones anteriores a 4.40.10.00, contienen múltiples vulnerabilidades de tipo cross-site scripting almacenado. Un usuario malicioso autenticado remoto con altos privilegios podría explotar estas vulnerabilidades para almacenar código HTML o JavaScript malicioso por medio de múltiples afectaciones mientras genera un certificado. • https://www.dell.com/support/kbdoc/000185293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. Dell EMC iDRAC9 versiones anteriores a 4.40.00.00, contiene una vulnerabilidad de tipo cross-site scripting basada en DOM. Un atacante remoto no autenticado podría explotar potencialmente esta vulnerabilidad engañando al usuario de la aplicación víctima para que suministre un código HTML o JavaScript malicioso al entorno DOM en el navegador. • https://www.dell.com/support/kbdoc/000185293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •