Allele Security Alert
ASA-2019-00339
Identifier(s)
ASA-2019-00339, CVE-2019-0130, INTEL-SA-00226
Title
Reflected Cross-Site Scripting (XSS) in web interface
Vendor(s)
Intel
Product(s)
Intel® Accelerated Storage Manager in Intel® RSTe
Affected version(s)
Intel® Accelerated Storage Manager in Intel® RSTe before version 5.5.0.2015
Fixed version(s)
Intel® Accelerated Storage Manager in Intel® RSTe version 5.5.0.2015 or later
Proof of concept
Unknown
Description
Reflected Cross-Site Scripting (XSS) in web interface for Intel Accelerated Storage Manager in Intel RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.
Technical details
Unknown
Credits
Marius Gabriel Mihai
Reference(s)
Intel® Accelerated Storage Manager in Intel® Rapid Storage Technology Enterprise Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html
Intel® Virtual RAID on CPU (Intel® VROC) and Intel® Rapid Storage Technology enterprise (Intel® RSTe) Driver for Windows Server 2019*
https://downloadcenter.intel.com/download/28681
CVE-2019-0130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0130
CVE-2019-0130
https://nvd.nist.gov/vuln/detail/CVE-2019-0130
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: June 13, 2019