ID

VAR-202207-1833


CVE

CVE-2022-33935


TITLE

Cross-site scripting vulnerability in Dell's Dell EMC Data Protection Advisor

Trust: 0.8

sources: JVNDB: JVNDB-2022-016142

DESCRIPTION

Dell EMC Data Protection Advisor versions 19.6 and earlier contain a stored cross-site scripting vulnerability. An attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code is executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. A cross-site scripting vulnerability exists in Dell's Dell EMC Data Protection Advisor. Information may be obtained and information may be tampered with.

Trust: 1.8

sources: NVD: CVE-2022-33935 // JVNDB: JVNDB-2022-016142 // VULHUB: VHN-426127 // VULMON: CVE-2022-33935

AFFECTED PRODUCTS

vendor: dell, model: emc data protection advisor, scope: lte, version: 19.6

Trust: 1.0

vendor: Dell, model: dell emc data protection advisor, scope: -, version: -

Trust: 0.8

vendor: Dell, model: dell emc data protection advisor, scope: eq, version: -

Trust: 0.8

vendor: Dell, model: dell emc data protection advisor, scope: lte, version: 19.6 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2022-016142 // NVD: CVE-2022-33935

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33935
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2022-33935
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-33935
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202207-2417
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-33935
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 2.0

NVD: CVE-2022-33935
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-016142 // CNNVD: CNNVD-202207-2417 // NVD: CVE-2022-33935 // NVD: CVE-2022-33935

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-426127 // JVNDB: JVNDB-2022-016142 // NVD: CVE-2022-33935

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2417

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202207-2417

PATCH

title: Dell EMC Data Protection Advisor Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201433

Trust: 0.6

sources: CNNVD: CNNVD-202207-2417

EXTERNAL IDS

db: NVD, id: CVE-2022-33935

Trust: 3.4

db: JVNDB, id: JVNDB-2022-016142

Trust: 0.8

db: CS-HELP, id: SB2022072620

Trust: 0.6

db: CNNVD, id: CNNVD-202207-2417

Trust: 0.6

db: VULHUB, id: VHN-426127

Trust: 0.1

db: VULMON, id: CVE-2022-33935

Trust: 0.1

sources: VULHUB: VHN-426127 // VULMON: CVE-2022-33935 // JVNDB: JVNDB-2022-016142 // CNNVD: CNNVD-202207-2417 // NVD: CVE-2022-33935

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000201824/dsa-2022-107-dell-emc-data-protection-advisor-dpa-security-update-for-stored-cross-site-scripting-vulnerability

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-33935

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022072620

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-33935/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-426127 // VULMON: CVE-2022-33935 // JVNDB: JVNDB-2022-016142 // CNNVD: CNNVD-202207-2417 // NVD: CVE-2022-33935

SOURCES

db: VULHUB, id: VHN-426127
db: VULMON, id: CVE-2022-33935
db: JVNDB, id: JVNDB-2022-016142
db: CNNVD, id: CNNVD-202207-2417
db: NVD, id: CVE-2022-33935

LAST UPDATE DATE

2024-08-14T14:43:49.772000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-426127, date: 2022-09-07T00:00:00
db: VULMON, id: CVE-2022-33935, date: 2022-08-30T00:00:00
db: JVNDB, id: JVNDB-2022-016142, date: 2023-10-02T08:10:00
db: CNNVD, id: CNNVD-202207-2417, date: 2022-09-08T00:00:00
db: NVD, id: CVE-2022-33935, date: 2022-09-07T19:55:01.220

SOURCES RELEASE DATE

db: VULHUB, id: VHN-426127, date: 2022-08-30T00:00:00
db: VULMON, id: CVE-2022-33935, date: 2022-08-30T00:00:00
db: JVNDB, id: JVNDB-2022-016142, date: 2023-10-02T00:00:00
db: CNNVD, id: CNNVD-202207-2417, date: 2022-07-26T00:00:00
db: NVD, id: CVE-2022-33935, date: 2022-08-30T21:15:08.707