ID

VAR-202003-0889


CVE

CVE-2019-18578


TITLE

Cross-site scripting vulnerability in Dell EMC XtremIO XMS

Trust: 0.8

sources: JVNDB: JVNDB-2019-014963

DESCRIPTION

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application. The affected system may also be put into a denial-of-service (DoS) state. Dell EMC XtremIO XMS is the management software suite for XtremIO, Dell's enterprise storage platform.

Trust: 1.71

sources: NVD: CVE-2019-18578 // JVNDB: JVNDB-2019-014963 // VULHUB: VHN-150938

AFFECTED PRODUCTS

vendor: dell, model: xtremio management server, scope: lt, version: 6.3.0

Trust: 1.0

vendor: dell, model: emc xtremio, scope: eq, version: 6.3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-014963 // NVD: CVE-2019-18578

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18578
value: CRITICAL

Trust: 1.0

security_alert@emc.com: CVE-2019-18578
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-014963
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202003-873
value: CRITICAL

Trust: 0.6

VULHUB: VHN-150938
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-18578
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014963
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-150938
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18578
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-18578
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-014963
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-150938 // JVNDB: JVNDB-2019-014963 // CNNVD: CNNVD-202003-873 // NVD: CVE-2019-18578 // NVD: CVE-2019-18578

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-150938 // JVNDB: JVNDB-2019-014963 // NVD: CVE-2019-18578

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-873

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-873

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014963

PATCH

title: DSA-2019-172
url: https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities

Trust: 0.8

title: Dell EMC XtremIO XMS Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112348

Trust: 0.6

sources: JVNDB: JVNDB-2019-014963 // CNNVD: CNNVD-202003-873

EXTERNAL IDS

db: NVD, id: CVE-2019-18578

Trust: 2.5

db: JVNDB, id: JVNDB-2019-014963

Trust: 0.8

db: CNNVD, id: CNNVD-202003-873

Trust: 0.7

db: CNVD, id: CNVD-2020-17483

Trust: 0.1

db: VULHUB, id: VHN-150938

Trust: 0.1

sources: VULHUB: VHN-150938 // JVNDB: JVNDB-2019-014963 // CNNVD: CNNVD-202003-873 // NVD: CVE-2019-18578

REFERENCES

url:https://www.dell.com/support/security/en-us/details/539703/dsa-2019-172-dell-emc-xtremio-security-update-for-multiple-vulnerabilities

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-18578

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18578

Trust: 0.8

sources: VULHUB: VHN-150938 // JVNDB: JVNDB-2019-014963 // CNNVD: CNNVD-202003-873 // NVD: CVE-2019-18578

SOURCES

db: VULHUB, id: VHN-150938
db: JVNDB, id: JVNDB-2019-014963
db: CNNVD, id: CNNVD-202003-873
db: NVD, id: CVE-2019-18578

LAST UPDATE DATE

2024-11-23T23:08:04.542000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150938, date: 2020-03-18T00:00:00
db: JVNDB, id: JVNDB-2019-014963, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-873, date: 2020-04-02T00:00:00
db: NVD, id: CVE-2019-18578, date: 2024-11-21T04:33:20

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150938, date: 2020-03-13T00:00:00
db: JVNDB, id: JVNDB-2019-014963, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-873, date: 2020-03-13T00:00:00
db: NVD, id: CVE-2019-18578, date: 2020-03-13T21:15:11.737