Web application abuses : Multiple Vendor Products Security Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.103462

Categoría: Web application abuses

Título: Multiple Vendor Products Security Vulnerabilities

Resumen: Quantum Scalar i500, Dell ML6000, and IBM TS3310 are prone to following vulnerabilities:;; 1. An information disclosure vulnerability;; 2. A cross-site scripting vulnerability;; 3. A cross-site request-forgery vulnerability;; 4. A security bypass vulnerability

Descripción: Summary:
Quantum Scalar i500, Dell ML6000, and IBM TS3310 are prone to following vulnerabilities:

1. An information disclosure vulnerability

2. A cross-site scripting vulnerability

3. A cross-site request-forgery vulnerability

4. A security bypass vulnerability

Vulnerability Impact:
An attacker may leverage these issues to execute arbitrary script
code in the browser of an unsuspecting user in the context of the
affected site. This may let the attacker steal cookie-based
authentication credentials and launch other attacks. The information-
disclosure vulnerability can allow the attacker to obtain sensitive
information that may aid in launching further attacks.

Exploiting the cross-site request-forgery may allow a remote attacker
to perform certain administrative actions and gain unauthorized access
to the affected application. Other attacks are also possible.

Attackers can exploit a password weakness issue to bypass security
restrictions to obtain sensitive information or perform unauthorized
actions, this may aid in launching further attacks.

Solution:
Updates are available. Check the references.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1841
CERT/CC vulnerability note: VU#913483
http://www.kb.cert.org/vuls/id/913483
http://www.kb.cert.org/vuls/id/MAPG-8NNKN8
http://www.kb.cert.org/vuls/id/MAPG-8NVRPY
http://osvdb.org/80226
http://secunia.com/advisories/48403
http://secunia.com/advisories/48453
Common Vulnerability Exposure (CVE) ID: CVE-2012-1842
http://osvdb.org/80225
http://osvdb.org/80239
Common Vulnerability Exposure (CVE) ID: CVE-2012-1844
http://www.kb.cert.org/vuls/id/MORO-8QNJLE
http://osvdb.org/80372
XForce ISS Database: scalar-default-account(74322)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74322

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.103462
Categoría:	Web application abuses
Título:	Multiple Vendor Products Security Vulnerabilities
Resumen:	Quantum Scalar i500, Dell ML6000, and IBM TS3310 are prone to following vulnerabilities:;; 1. An information disclosure vulnerability;; 2. A cross-site scripting vulnerability;; 3. A cross-site request-forgery vulnerability;; 4. A security bypass vulnerability
Descripción:	Summary: Quantum Scalar i500, Dell ML6000, and IBM TS3310 are prone to following vulnerabilities: 1. An information disclosure vulnerability 2. A cross-site scripting vulnerability 3. A cross-site request-forgery vulnerability 4. A security bypass vulnerability Vulnerability Impact: An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. The information- disclosure vulnerability can allow the attacker to obtain sensitive information that may aid in launching further attacks. Exploiting the cross-site request-forgery may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible. Attackers can exploit a password weakness issue to bypass security restrictions to obtain sensitive information or perform unauthorized actions, this may aid in launching further attacks. Solution: Updates are available. Check the references. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1841 CERT/CC vulnerability note: VU#913483 http://www.kb.cert.org/vuls/id/913483 http://www.kb.cert.org/vuls/id/MAPG-8NNKN8 http://www.kb.cert.org/vuls/id/MAPG-8NVRPY http://osvdb.org/80226 http://secunia.com/advisories/48403 http://secunia.com/advisories/48453 Common Vulnerability Exposure (CVE) ID: CVE-2012-1842 http://osvdb.org/80225 http://osvdb.org/80239 Common Vulnerability Exposure (CVE) ID: CVE-2012-1844 http://www.kb.cert.org/vuls/id/MORO-8QNJLE http://osvdb.org/80372 XForce ISS Database: scalar-default-account(74322) https://exchange.xforce.ibmcloud.com/vulnerabilities/74322
Copyright	Copyright (C) 2012 Greenbone AG