CVE-2025-21104

Опубликовано: 13 мар. 2025

Источник: nvd

CVSS3: 4.3

CVSS3: 6.5

EPSS Низкий

Описание

Dell NetWorker, versions prior to 19.12.0.1 and versions prior to 19.11.0.4, contain(s) an Open Redirect Vulnerability in NMC. An unauthenticated attacker with remoter access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.

Ссылки

https://www.dell.com/support/kbdoc/en-us/000294392/dsa-2025-124-security-update-for-dell-networker-management-console-for-http-host-header-injection-vulnerability
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*

Версия до 19.11.0.4 (исключая)

cpe:2.3:a:dell:networker:19.12:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00175

Низкий

4.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-601

Связанные уязвимости

GHSA-5c7g-5xj5-gpx3

CVSS3: 4.3

github

11 месяцев назад

Dell NetWorker, 19.11.0.3 and below versions, contain(s) an Open Redirect Vulnerability in NMC. An unauthenticated attacker with remoter access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.

BDU:2025-07191

CVSS3: 4.3

fstec

11 месяцев назад

Уязвимость консоли управления NetWorker Management Console, связанная с переадресацией URL на ненадежный сайт, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 39%

0.00175

Низкий

4.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-601