[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ESA-2016-127: EMC ViPR SRM Stored Cross-Site Scripting Vulnerability
- To: "'bugtraq@xxxxxxxxxxxxxxxxx'" <bugtraq@xxxxxxxxxxxxxxxxx>, "DM@xxxxxxxxxxxxxxxxx" <DM@xxxxxxxxxxxxxxxxx>
- Subject: ESA-2016-127: EMC ViPR SRM Stored Cross-Site Scripting Vulnerability
- From: EMC Product Security Response Center <Security_Alert@xxxxxxx>
- Date: Tue, 27 Sep 2016 14:33:25 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
EMC Identifier: ESA-2016-127
CVE Identifier: CVE-2016-6647
Severity Rating: CVSS v3 Base Score: 7.6 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)
Affected products:
EMC ViPR SRM versions prior to 4.0.1
Summary:
EMC ViPR SRM 4.0.1 contains a fix for a stored cross-site scripting
vulnerability that could potentially be exploited by malicious users to
compromise the affected system.
Details:
EMC ViPR SRM is affected by a stored cross-site scripting vulnerability.
Attackers could potentially exploit this vulnerability to execute arbitrary
HTML or JavaScript code in the user?s browser session in the context of the
affected ViPR SRM application.
Resolution:
The following EMC ViPR SRM release contains a fix for this vulnerability:
? EMC ViPR SRM version 4.0.1
EMC recommends all customers upgrade at the earliest opportunity.
Link to remedies:
Registered EMC ViPR SRM customers can download upgraded software from
support.emc.com at https://support.emc.com/downloads/34247_ViPR-SRM.
Credit:
EMC would like to thank Eric Flokstra of Outpost24 for reporting this
vulnerability
[The following is standard text included in all security advisories. Please do
not change or delete.]
Read and use the information in this EMC Security Advisory to assist in
avoiding any situation that might arise from the problems described herein. If
you have any questions regarding this product alert, contact EMC Software
Technical Support at 1-877-534-2867.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution
emc218831. EMC recommends all customers take into account both the base score
and any relevant temporal and environmental scores which may impact the
potential severity associated with particular security vulnerability.
EMC recommends that all users determine the applicability of this information
to their individual situations and take appropriate action. The information set
forth herein is provided "as is" without warranty of any kind. EMC disclaims
all warranties, either express or implied, including the warranties of
merchantability, fitness for a particular purpose, title and non-infringement.
In no event, shall EMC or its suppliers, be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits
or special damages, even if EMC or its suppliers have been advised of the
possibility of such damages. Some states do not allow the exclusion or
limitation of liability for consequential or incidental damages, so the
foregoing limitation may not apply.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJX6oKlAAoJEHbcu+fsE81ZRWEH/RogpENHhw8fZk5R1qlzGNdt
vMCVuELVgbIxHgWaM97s3r8KiGCpBL2H9S7vGpE5A1cZfEziOpoQEoDPFeJrmGhn
s/9SVEXT8lRrCO8YvDm1159UuQZJ4GCyuPlqEstxNZ0pJUzZTiQDPlxKDJv2tFKo
ZWm+JpBUFldPEdgJSF6BhxljRhEicCMiQPZYwhbv+v+92Jt/ORcGIqsp9V7OJB2q
YaDsnWLClEe0e7Y3Sz1rWEDJYAHulnnipR5HGEjOIhYVOA2DAP+BfefiFtbmeBg0
WD2U9/fpDbO5Tj++SSMaaTSG3WUf2VKKYArt/BAPdcIDOVY0/JfgMtT7J8JbLEE=
=74yL
-----END PGP SIGNATURE-----