CVE-2019-3754 MEDIUM

CVE-2019-3754

Vendor Dell Emc

Product Unity Operating Environment

Weakness CWE-79 · XSS

Published September 3, 2019

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

4.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.

Key dates

02Disclosure timeline

September 3, 2019 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-3754 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2019-3754

CWE CWE-79

CVSS 4.7 / MEDIUM

Affected versions

Vendor Dell Emc

Product Unity Operating Environment

Affected ≥ unspecified and < 5.0.0.0.5.116

Vendor Dell Emc

Product UnityVSA Operating Environment

Affected ≥ unspecified and < 5.0.0.0.5.116

Vendor Dell Emc

Product VNXe3200 Operating Environment

Affected ≥ unspecified and < 3.1.10.9946299

CVE-2019-3754

01Description

02Disclosure timeline

03References

04Related CVE