Vulnerability Note VU#558132
Dell OpenManage Server Administrator contains a cross-site scripting vulnerability
Overview
Dell OpenManage Server Administrator version 7.1 and earlier contains a cross-site scripting vulnerability.
Description
Dell OpenManage Server Administrator version 7.1 and earlier contains a cross-site scripting vulnerability (CWE-79). |
Impact
A remote attacker may be able to execute arbitrary script in the context of the end-user's browser session. |
Solution
Apply an Update Users should download the appropriate patch for the version of OpenManage they have installed. |
Restrict Access |
Vendor Information (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Dell Computer Corporation, Inc. | Affected | - | 14 Nov 2012 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | 5.0 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| Temporal | 3.9 | E:POC/RL:OF/RC:C |
| Environmental | 2.9 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- http://cwe.mitre.org/data/definitions/79.html
- http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=5JDN0&osCode=WNET&fileId=3082293694
- http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=PCXMR&osCode=WNET&fileId=3082295344
- http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=JJMWP&osCode=WNET&fileId=3082295338
Credit
Thanks to David Ferrest and Dell for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
- CVE IDs: CVE-2012-4955
- Date Public: 31 Oct 2012
- Date First Published: 14 Nov 2012
- Date Last Updated: 14 Nov 2012
- Document Revision: 10
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.