First published: Fri Sep 27 2019(Updated: )
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell Emc Integrated Data Protection Appliance Firmware | =2.0 | |
Dell Emc Integrated Data Protection Appliance Firmware | =2.1 | |
Dell Emc Integrated Data Protection Appliance Firmware | =2.2 | |
Dell Emc Idpa Dp4400 | ||
Dell Emc Idpa Dp5800 | ||
Dell Emc Idpa Dp8300 | ||
Dell Emc Idpa Dp8800 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-3747.
The severity level of CVE-2019-3747 is high.
The affected software for CVE-2019-3747 is Dell EMC Integrated Data Protection Appliance versions prior to 2.3.
CVE-2019-3747 is a stored cross-site scripting vulnerability in Dell EMC Integrated Data Protection Appliance versions prior to 2.3.
A remote malicious ACM admin user may potentially exploit CVE-2019-3747 to store malicious HTML or JavaScript code in Cloud DR add-on specific field.