CVE-2018-11067

Published Nov 26, 2018

Last updated 4 days ago

CVSS medium 6.1

Overview

Description: Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
Source: security_alert@emc.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-601

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References