N/A

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

日志输出的转义处理不恰当

Dell Unity 安全漏洞

Dell Unity是美国戴尔（Dell）公司的一套虚拟Unity存储环境。 Dell Unity 5.4之前版本存在安全漏洞，该漏洞源于日志消息可能会被经过身份验证的攻击者欺骗，攻击者可以利用此漏洞伪造日志条目、创建虚假警报以及将恶意内容注入到日志中，从而损害日志完整性。

N/A

N/A