CVE-2019-18588

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions.

Dell EMC Unisphere para PowerMax versiones anteriores a la versión 9.1.0.9, Dell EMC Unisphere para PowerMax versiones anteriores a la versión 9.0.2.16 y Dell EMC PowerMax OS versiones 5978.221.221 y 5978.479.479, contienen una vulnerabilidad de tipo Cross-Site Scripting (XSS). Un usuario malicioso autenticado puede explotar potencialmente esta vulnerabilidad para inyectar código JavaScript y afectar otras sesiones de usuarios autenticados.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-10-29 CVE Reserved
2020-01-10 CVE Published
2023-03-08 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site	2020-01-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dell Search vendor "Dell"		Emc Powermax Search vendor "Dell" for product "Emc Powermax"				5978.221.221 Search vendor "Dell" for product "Emc Powermax" and version "5978.221.221"		-		Affected
Dell Search vendor "Dell"		Emc Powermax Search vendor "Dell" for product "Emc Powermax"				5978.479.479 Search vendor "Dell" for product "Emc Powermax" and version "5978.479.479"		-		Affected
Dell Search vendor "Dell"		Emc Unisphere For Powermax Search vendor "Dell" for product "Emc Unisphere For Powermax"				< 9.0.2.16 Search vendor "Dell" for product "Emc Unisphere For Powermax" and version " < 9.0.2.16"		-		Affected
Dell Search vendor "Dell"		Emc Unisphere For Powermax Search vendor "Dell" for product "Emc Unisphere For Powermax"				>= 9.1.0.0 < 9.1.0.9 Search vendor "Dell" for product "Emc Unisphere For Powermax" and version " >= 9.1.0.0 < 9.1.0.9"		-		Affected