CVE-2023-43071

Summary

Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks.

Affected Software

VendorProductVersion RangeStatus
DellDell SmartFabric Storage Softwarev1.4.0 and prioraffected

Weaknesses

  • CWE-1236: CWE-1236: Improper Neutralization of Formula Elements in a CSV File

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References