| Unisys ID: | UIS-2021-1 |
| Status: | Published |
| CVE-ID: | CVE-2020-35542 |
| Affected Product: | Data Exchange |
| Affected Version: | 5.0.34 and earlier versions |
| Impact: | HIGH |
| CVSS v3.1 Base Score: | 7.6 |
| CVSS v3.1 Vector: | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L |
| CVSS v2.0 Base Score: | 7.4 |
| CVSS v2.0 Vector: | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| CVSS Temporal Score: | 7.3 |
| Common Weakness Enumeration (CWE): | 79 |
| Common Platform Enumeration (CPE): | cpe:2.3:a:unisys:data_exchange:5.0.34:*:*:*:*:*:*:* |
| Source: | Client Reported |
| Keyword(s): | XSS, DEMS |
| Vulnerability Description: |
| Data Exchange Management Studio doesn't sanitize the input to an HTML document field, which could be used for a cross-site scripting attack. |
| System Configuration: |
| Data Exchange 5.0 IC3 (5.0.34) and earlier versions |
| Impact of Exploiting Vulnerability: |
| The Data Exchange Management Studio UI or internal database may be compromised, resulting in non-functional Manager software. |
| Remediation Description: |
| Data Exchange 5.0 IC4 (5.0.41) sanitizes the input to an HTML document field and disallows script input. |
| Workaround Information: |
| Not available. |
| References: |
| PLE 19299406 |
| Additional Vendor Comment: |
|