CVE-2018-11064
https://notcve.org/view.php?id=CVE-2018-11064
Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contain an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools, which might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.
• http://www.securityfocus.com/bid/105447
• https://seclists.org/fulldisclosure/2018/Sep/55
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2018-1246
https://notcve.org/view.php?id=CVE-2018-1246
Dell EMC Unity and UnityVSA contain a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the victim and executed by the web browser.
• https://seclists.org/fulldisclosure/2018/Sep/30
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1251
https://notcve.org/view.php?id=CVE-2018-1251
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user into clicking on a maliciously crafted Unisphere URL. An attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected.
• https://seclists.org/fulldisclosure/2018/Sep/30
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-1250
https://notcve.org/view.php?id=CVE-2018-1250
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in the NAS server by directly interacting with certain APIs of Unity OE, bypassing the Role-Based Authorization control implemented only in the Unisphere GUI.
• https://seclists.org/fulldisclosure/2018/Sep/30
• CWE-863: Incorrect Authorization
CVE-2018-1239
https://notcve.org/view.php?id=CVE-2018-1239
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.
• http://seclists.org/fulldisclosure/2018/May/15
• http://www.securityfocus.com/bid/104092
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')