CVE-2019-3747
Severity Score
4.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
Dell EMC Integrated Data Protection Appliance versiones anteriores a 2.3, contienen una vulnerabilidad de tipo cross-site scripting almacenado. Un usuario administrador de ACM malicioso remoto puede explotar esta vulnerabilidad para almacenar código HTML o JavaScript malicioso en el campo específico del add-on Cloud DR. Cuando los usuarios víctimas acceden a la página por medio de sus navegadores, el código malicioso es ejecutado por el navegador en el contexto de la aplicación web vulnerable.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-03 CVE Reserved
- 2019-09-27 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Firmware Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" | 2.0 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" and version "2.0" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Idpa Dp4400 Search vendor "Dell" for product "Emc Idpa Dp4400" | - | - |
Safe
|
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Firmware Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" | 2.0 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" and version "2.0" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Idpa Dp5800 Search vendor "Dell" for product "Emc Idpa Dp5800" | - | - |
Safe
|
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Firmware Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" | 2.0 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" and version "2.0" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Idpa Dp8300 Search vendor "Dell" for product "Emc Idpa Dp8300" | - | - |
Safe
|
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Firmware Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" | 2.0 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" and version "2.0" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Idpa Dp8800 Search vendor "Dell" for product "Emc Idpa Dp8800" | - | - |
Safe
|
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Firmware Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" | 2.1 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" and version "2.1" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Idpa Dp4400 Search vendor "Dell" for product "Emc Idpa Dp4400" | - | - |
Safe
|
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Firmware Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" | 2.1 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" and version "2.1" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Idpa Dp5800 Search vendor "Dell" for product "Emc Idpa Dp5800" | - | - |
Safe
|
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Firmware Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" | 2.1 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" and version "2.1" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Idpa Dp8300 Search vendor "Dell" for product "Emc Idpa Dp8300" | - | - |
Safe
|
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Firmware Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" | 2.1 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" and version "2.1" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Idpa Dp8800 Search vendor "Dell" for product "Emc Idpa Dp8800" | - | - |
Safe
|
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Firmware Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" | 2.2 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" and version "2.2" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Idpa Dp4400 Search vendor "Dell" for product "Emc Idpa Dp4400" | - | - |
Safe
|
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Firmware Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" | 2.2 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" and version "2.2" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Idpa Dp5800 Search vendor "Dell" for product "Emc Idpa Dp5800" | - | - |
Safe
|
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Firmware Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" | 2.2 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" and version "2.2" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Idpa Dp8300 Search vendor "Dell" for product "Emc Idpa Dp8300" | - | - |
Safe
|
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Firmware Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" | 2.2 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance Firmware" and version "2.2" | - |
Affected
| in | Dell Search vendor "Dell" | Emc Idpa Dp8800 Search vendor "Dell" for product "Emc Idpa Dp8800" | - | - |
Safe
|