CVE-2019-9509 - Vulnerability Details

Vendors	Products
Vertiv	Avocent Umg-4000 Avocent Umg-4000 Firmware

Link	Providers
https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/
https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Avocent UMG-4000", "vendor": "Vertiv", "versions": [{"status": "affected", "version": "4.2.1.19"}]}], "datePublic": "2019-04-12T00:00:00", "descriptions": [{"lang": "en", "value": "The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-30T20:50:26", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/"}], "solutions": [{"lang": "en", "value": "Vertiv Avocent has released patches for these vulnerabilities. Trellis customers of the UMG running firmware v4.2.0.23 that are operating Trellis v5.0.2 through 5.0.6 and all Non-Trellis UMG customers should install the update patch found  https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ . Trellis users of the UMG that are operating Trellis v5.0.6 and later should install Universal Gateway firmware version 4.3.0.23 found https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ ."}], "source": {"discovery": "UNKNOWN"}, "title": "The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected cross site scripting", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2019-04-12T00:00:00.000Z", "ID": "CVE-2019-9509", "STATE": "PUBLIC", "TITLE": "The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected cross site scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Avocent UMG-4000", "version": {"version_data": [{"version_affected": "=", "version_name": "4.2.1.19", "version_value": "4.2.1.19"}]}}]}, "vendor_name": "Vertiv"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/", "refsource": "MISC", "url": "https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/"}, {"name": "https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/", "refsource": "MISC", "url": "https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/"}]}, "solution": [{"lang": "en", "value": "Vertiv Avocent has released patches for these vulnerabilities. Trellis customers of the UMG running firmware v4.2.0.23 that are operating Trellis v5.0.2 through 5.0.6 and all Non-Trellis UMG customers should install the update patch found  https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ . Trellis users of the UMG that are operating Trellis v5.0.6 and later should install Universal Gateway firmware version 4.3.0.23 found https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ ."}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:54:44.118Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2019-9509", "datePublished": "2020-03-30T20:50:26.611183Z", "dateReserved": "2019-03-01T00:00:00", "dateUpdated": "2024-09-16T20:01:41.057Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Avocent UMG-4000 (string)

vendor : Vertiv (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.2.1.19 (string)

}

]

}

]

datePublic : 2019-04-12T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 6.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-79 (string)

description : CWE-79 Cross-site Scripting (XSS) (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-03-30T20:50:26 (string)

orgId : 37e5125f-f79b-445b-8fad-9564f167944b (string)

shortName : certcc (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Vertiv Avocent has released patches for these vulnerabilities. Trellis customers of the UMG running firmware v4.2.0.23 that are operating Trellis v5.0.2 through 5.0.6 and all Non-Trellis UMG customers should install the update patch found https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ . Trellis users of the UMG that are operating Trellis v5.0.6 and later should install Universal Gateway firmware version 4.3.0.23 found https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ . (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected cross site scripting (string)

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cert@cert.org (string)

DATE_PUBLIC : 2019-04-12T00:00:00.000Z (string)

ID : CVE-2019-9509 (string)

STATE : PUBLIC (string)

TITLE : The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected cross site scripting (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Avocent UMG-4000 (string)

version : { »

version_data : [ »

0 : { »

version_affected : = (string)

version_name : 4.2.1.19 (string)

version_value : 4.2.1.19 (string)

}

]

}

]

}

vendor_name : Vertiv (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 6.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-79 Cross-site Scripting (XSS) (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ (string)

refsource : MISC (string)

url : https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ (string)

}

1 : { »

name : https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ (string)

refsource : MISC (string)

url : https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ (string)

}

]

}

solution : [ »

0 : { »

lang : en (string)

value : Vertiv Avocent has released patches for these vulnerabilities. Trellis customers of the UMG running firmware v4.2.0.23 that are operating Trellis v5.0.2 through 5.0.6 and all Non-Trellis UMG customers should install the update patch found https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ . Trellis users of the UMG that are operating Trellis v5.0.6 and later should install Universal Gateway firmware version 4.3.0.23 found https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ . (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T21:54:44.118Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 37e5125f-f79b-445b-8fad-9564f167944b (string)

assignerShortName : certcc (string)

cveId : CVE-2019-9509 (string)

datePublished : 2020-03-30T20:50:26.611183Z (string)

dateReserved : 2019-03-01T00:00:00 (string)

dateUpdated : 2024-09-16T20:01:41.057Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vertiv:avocent_umg-4000_firmware:4.2.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "8B951ADA-5030-41BC-9DA6-278F571B3ADA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:vertiv:avocent_umg-4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "86B85E8E-24E1-462C-8FA7-4A7427D87243", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code."}, {"lang": "es", "value": "La interfaz web del Vertiv Avocent UMG-4000 versi\u00f3n 4.2.1.19, es vulnerable a un ataque de tipo XSS reflejado en un par\u00e1metro HTTP POST. La aplicaci\u00f3n web no neutraliza la entrada controlable por el usuario antes de desplegarla a los usuarios en una p\u00e1gina web, lo que podr\u00eda permitir a un atacante remoto autenticado con una cuenta de usuario ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2019-9509", "lastModified": "2024-11-21T04:51:45.677", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cret@cert.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-30T22:15:14.367", "references": [{"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cret@cert.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:vertiv:avocent_umg-4000_firmware:4.2.1.19:*:*:*:*:*:*:* (string)

matchCriteriaId : 8B951ADA-5030-41BC-9DA6-278F571B3ADA (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:vertiv:avocent_umg-4000:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 86B85E8E-24E1-462C-8FA7-4A7427D87243 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code. (string)

}

1 : { »

lang : es (string)

value : La interfaz web del Vertiv Avocent UMG-4000 versión 4.2.1.19, es vulnerable a un ataque de tipo XSS reflejado en un parámetro HTTP POST. La aplicación web no neutraliza la entrada controlable por el usuario antes de desplegarla a los usuarios en una página web, lo que podría permitir a un atacante remoto autenticado con una cuenta de usuario ejecutar código arbitrario. (string)

}

]

id : CVE-2019-9509 (string)

lastModified : 2024-11-21T04:51:45.677 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 6.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.4 (number)

source : cret@cert.org (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-03-30T22:15:14.367 (string)

references : [ »

0 : { »

source : cret@cert.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ (string)

}

1 : { »

source : cret@cert.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.vertiv.com/en-us/support/software-download/it-management/avocent-universal-management-gateway-appliance--software-downloads/ (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ (string)

}

]

sourceIdentifier : cret@cert.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : cret@cert.org (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object