MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2019-1975

CVSS 6.1v3.1pub. 2019-09-18upd. 2024-11-21

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other clientside browser attacks.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Cisco Hyperflex Hx220c Af M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx220c Af M5 Firmware

    OS
    Cisco
    4.0\(1a\)≤ 3.5.2f
  • Cisco Hyperflex Hx220c Edge M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx220c Edge M5 Firmware

    OS
    Cisco
    4.0\(1a\)≤ 3.5.2f
  • Cisco Hyperflex Hx220c M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx220c M5 Firmware

    OS
    Cisco
    4.0\(1a\)≤ 3.5.2f
  • Cisco Hyperflex Hx240c Af M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx240c Af M5 Firmware

    OS
    Cisco
    4.0\(1a\)≤ 3.5.2f
  • Cisco Hyperflex Hx240c M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx240c M5 Firmware

    OS
    Cisco
    4.0\(1a\)≤ 3.5.2f
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-1497CRITICAL9.8⚠ KEVten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenti...

CVE-2021-1498CRITICAL9.8⚠ KEVten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenti...

CVE-2019-12621HIGH7.4ten sam produkt

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-i...

CVE-2021-1499MEDIUM5.3ten sam produkt

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unaut...

CVE-2019-12620MEDIUM5.3ten sam produkt

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticate...