ID

VAR-201909-0092


CVE

CVE-2019-3747


TITLE

Dell EMC Integrated Data Protection Appliance Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-009956

DESCRIPTION

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in a Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code is executed by the web browser in the context of the vulnerable web application. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.71

sources: NVD: CVE-2019-3747 // JVNDB: JVNDB-2019-009956 // VULHUB: VHN-155182

AFFECTED PRODUCTS

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.2

Trust: 1.6

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.0

Trust: 1.6

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.1

Trust: 1.6

vendor: dell emc old emc, model: integrated data protection appliance, scope: lt, version: 2.3

Trust: 0.8

vendor: dell, model: emc idpa dp8800, scope: eq, version: -

Trust: 0.6

vendor: dell, model: emc idpa dp4400, scope: eq, version: -

Trust: 0.6

vendor: dell, model: emc idpa dp5800, scope: eq, version: -

Trust: 0.6

vendor: dell, model: emc idpa dp8300, scope: eq, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-009956 // CNNVD: CNNVD-201909-1310 // NVD: CVE-2019-3747

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3747
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-3747
value: HIGH

Trust: 1.0

NVD: CVE-2019-3747
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-1310
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155182
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-3747
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155182
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3747
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3747
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.7
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-3747
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155182 // JVNDB: JVNDB-2019-009956 // CNNVD: CNNVD-201909-1310 // NVD: CVE-2019-3747 // NVD: CVE-2019-3747

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-155182 // JVNDB: JVNDB-2019-009956 // NVD: CVE-2019-3747

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1310

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201909-1310

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009956

PATCH

title: DSA-2019-112: Dell EMC Integrated Data Protection Appliance Multiple Vulnerabilities, url: https://www.dell.com/support/security/ja-jp/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities

Trust: 0.8

title: Dell EMC Integrated Data Protection Appliance Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98702

Trust: 0.6

sources: JVNDB: JVNDB-2019-009956 // CNNVD: CNNVD-201909-1310

EXTERNAL IDS

db: NVD, id: CVE-2019-3747

Trust: 2.5

db: JVNDB, id: JVNDB-2019-009956

Trust: 0.8

db: CNNVD, id: CNNVD-201909-1310

Trust: 0.7

db: VULHUB, id: VHN-155182

Trust: 0.1

sources: VULHUB: VHN-155182 // JVNDB: JVNDB-2019-009956 // CNNVD: CNNVD-201909-1310 // NVD: CVE-2019-3747

REFERENCES

url: https://www.dell.com/support/security/en-us/details/536363/dsa-2019-112-dell-emc-integrated-data-protection-appliance-multiple-vulnerabilities

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-3747

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3747

Trust: 0.8

sources: VULHUB: VHN-155182 // JVNDB: JVNDB-2019-009956 // CNNVD: CNNVD-201909-1310 // NVD: CVE-2019-3747

SOURCES

db: VULHUB, id: VHN-155182
db: JVNDB, id: JVNDB-2019-009956
db: CNNVD, id: CNNVD-201909-1310
db: NVD, id: CVE-2019-3747

LAST UPDATE DATE

2024-11-23T23:01:42.001000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155182, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-009956, date: 2019-10-02T00:00:00
db: CNNVD, id: CNNVD-201909-1310, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-3747, date: 2024-11-21T04:42:27.437

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155182, date: 2019-09-27T00:00:00
db: JVNDB, id: JVNDB-2019-009956, date: 2019-10-02T00:00:00
db: CNNVD, id: CNNVD-201909-1310, date: 2019-09-27T00:00:00
db: NVD, id: CVE-2019-3747, date: 2019-09-27T21:15:10.207