Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead to configuration changes.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Dell EMC PowerFlex数据伪造问题漏洞
Vulnerability Description
DELL Dell EMC PowerFlex是美国戴尔(DELL)公司的一个应用软件。提供极高的灵活性和可扩展性,以及企业级性能和弹性,同时简化基础设施的管理和操作。 Dell EMC PowerFlex 中存在数据伪造问题漏洞,该漏洞源于产品的 websocket 中的 Presentation Server/WebUI 未对用户身份做有效验证,攻击者可通过该漏洞劫持Websocket欺骗用户执行不必要的操作,并可能导致配置文件更改。以下产品及版本受到影响:Dell EMC PowerFlex v3.
CVSS Information
N/A
Vulnerability Type
N/A