Details of VAR-202101-0555

ID

VAR-202101-0555

CVE

CVE-2020-35170

TITLE

plural Dell EMC Cross-site scripting vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-015141

DESCRIPTION

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users’ sessions. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL)

Trust: 1.71

sources: NVD: CVE-2020-35170 // JVNDB: JVNDB-2020-015141 // VULHUB: VHN-377261

AFFECTED PRODUCTS

vendor:	dell	model:	powermax os	scope:	eq	version:	5978.221.221	Trust: 1.0
vendor:	dell	model:	unisphere	scope:	lt	version:	9.1.0.24	Trust: 1.0
vendor:	dell	model:	unisphere	scope:	lt	version:	9.2.0.6	Trust: 1.0
vendor:	dell	model:	powermax os	scope:	eq	version:	5978.479.479	Trust: 1.0
vendor:	dell	model:	unisphere	scope:	gte	version:	9.2	Trust: 1.0
vendor:	デル	model:	dell emc powermax os	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell emc unisphere	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015141 // NVD: CVE-2020-35170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35170
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2020-35170
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-35170
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202012-1446
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-377261
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-35170
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-377261
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-35170
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2020-35170
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	CVE-2020-35170
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-377261 // JVNDB: JVNDB-2020-015141 // CNNVD: CNNVD-202012-1446 // NVD: CVE-2020-35170 // NVD: CVE-2020-35170

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-377261 // JVNDB: JVNDB-2020-015141 // NVD: CVE-2020-35170

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1446

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202012-1446

PATCH

title:	DSA-2020-277	url:	https://www.dell.com/support/kbdoc/ja-jp/000181212/dsa-2020-277-dell-emc-unisphere-powermax-cross-site-scripting-xss-vulnerability	Trust: 0.8
title:	DELL Dell EMC Unisphere for PowerMax Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137639	Trust: 0.6

sources: JVNDB: JVNDB-2020-015141 // CNNVD: CNNVD-202012-1446

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35170	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-015141	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-1446	Trust: 0.7
db:	VULHUB	id:	VHN-377261	Trust: 0.1

sources: VULHUB: VHN-377261 // JVNDB: JVNDB-2020-015141 // CNNVD: CNNVD-202012-1446 // NVD: CVE-2020-35170

REFERENCES

url:	https://www.dell.com/support/kbdoc/000181212	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35170	Trust: 1.4
url:	https://vigilance.fr/vulnerability/dell-emc-unisphere-powermax-cross-site-scripting-34181	Trust: 0.6

sources: VULHUB: VHN-377261 // JVNDB: JVNDB-2020-015141 // CNNVD: CNNVD-202012-1446 // NVD: CVE-2020-35170

SOURCES

db:	VULHUB	id:	VHN-377261
db:	JVNDB	id:	JVNDB-2020-015141
db:	CNNVD	id:	CNNVD-202012-1446
db:	NVD	id:	CVE-2020-35170

LAST UPDATE DATE

2024-11-23T23:04:07.576000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-377261	date:	2021-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-015141	date:	2021-09-10T08:55:00
db:	CNNVD	id:	CNNVD-202012-1446	date:	2021-01-12T00:00:00
db:	NVD	id:	CVE-2020-35170	date:	2024-11-21T05:26:53.820

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-377261	date:	2021-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2020-015141	date:	2021-09-10T00:00:00
db:	CNNVD	id:	CNNVD-202012-1446	date:	2020-12-21T00:00:00
db:	NVD	id:	CVE-2020-35170	date:	2021-01-05T22:15:14.250