RSS   Vulnerabilities for
'Emc integrated data protection appliance firmware'
   RSS

2019-09-27
 
CVE-2019-3747

CWE-79
 

 
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.

 
 
CVE-2019-3746

CWE-307
 

 
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.

 
 
CVE-2019-3736

CWE-522
 

 
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user.

 

 >>> Vendor: DELL 148 Products
Openmanage
Truemobile 1300 wlan mini-pci card util trayapplet
Truemobile 2300 wireless broadband router
3000cn
3010cn
3100cn
3110cn
5100cn
5110cn
Openmanage cd
Remote access card
Dellsystemlite.scanner activex control
Kace k2000 systems deployment appliance
Powervault ml6000 firmware
Powervault ml6000
Powervault ml6010
Powervault ml6020
Powervault ml6030
Wyse device manager
Sonicwall scrutinizer
Sonicwall scrutinizer with flow analytics module
Crowbar
Sonicwall viewpoint
Openmanage server administrator
Powerconnect 6248p
Idrac6 bmc
Idrac6 firmware
Latitude d
Latitude e
Latitude xt2
Latitude z600
Precision m
Latitude d530
Latitude d531
Latitude d630
Latitude d631
Latitude d830
Latitude e4200
Latitude e4300
Latitude e5400
Latitude e5500
Latitude e6400
Latitude e6400 atg
Latitude e6400 atg xfr
Latitude e6500
Precision m2300
Precision m2400
Precision m4300
Precision m4400
Precision m6300
Precision m6400
Precision m6500
Idrac6 monolithic
Idrac7
Idrac7 firmware
Quest one password manager
Sonicwall analyzer
Sonicwall global management system
Sonicwall universal management appliance e5000 software
Sonicwall universal management appliance e5000
Powerconnect 3348
Powerconnect 3524p
Powerconnect 5324
Kace k1000 systems management appliance software
Kace k1000 systems management virtual appliance
Kace k1000 systems management appliance
Kace k1100s systems management appliance
Kace k1200s systems management appliance
Sonicwall network security appliance 2400
Sonicwall email security
Sonicwall umaem5000
Equallogic ps4000 firmware
Idrac6 modular
Asset manager
Sonicwall sonicos
Sonicwall secure remote access firmware
Sonicwall umaem5000 firmware
Netvault backup
BIOS
Sonicwall netextender firmware
Sonicwall totalsecure tz 100 firmware
Pre-boot authentication driver
Sonicwall uma em5000 firmware
Secureworks
Km714 firmware
Km632 firmware
Idrac8 firmware
Sonicwall secure remote access server
Integrated remote access controller firmware
Storage manager 2016
Emc supportassist enterprise
Emc vmax embedded management
Emc isilon
Emc isilon onefs
Emc networker
Emc avamar
Emc integrated data protection appliance
Emc vipr srm
Emc vmax enas
Emc vnx1 operating environment
See all Products for Vendor DELL


Copyright 2020, cxsecurity.com

 

Back to Top