CVE-2018-11067

Опубликовано: 26 нояб. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

Ссылки

http://www.securityfocus.com/bid/105969
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042153
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2018/Nov/49
Mailing List
Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2018-0029.html
Patch
Third Party Advisory
http://www.securityfocus.com/bid/105969
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042153
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2018/Nov/49
Mailing List
Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2018-0029.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00509

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-56qv-9p9c-2q4v

CVSS3: 6.1

github

больше 3 лет назад

BDU:2019-00975

CVSS3: 6.1

fstec

около 7 лет назад

Уязвимость компонента EMC Avamar Client Manager системы резервного копирования Dell EMC Avamar Server, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

EPSS

Процентиль: 66%

0.00509

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601