CVE-2018-11067
Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability
Severity Score
6.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
Dell EMC Avamar Client Manager, en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) tienen una vulnerabilidad de redirección abierta. Un atacante remoto no autenticado podría explotar esta vulnerabilidad para redirigir los usuarios de la aplicación a URL de páginas web arbitrarias, engañándolos para que hagan clic en enlaces maliciosamente manipulados. Se podría usar esta vulnerabilidad para realizar ataques de phishing que provoquen que los usuarios visiten sitios web maliciosos sin querer.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-05-14 CVE Reserved
- 2018-11-20 CVE Published
- 2024-04-12 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105969 | Third Party Advisory | |
| http://www.securitytracker.com/id/1042153 | Third Party Advisory | |
| https://seclists.org/fulldisclosure/2018/Nov/49 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2018-0029.html | 2019-01-02 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.2.0 Search vendor "Dell" for product "Emc Avamar" and version "7.2.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.2.1 Search vendor "Dell" for product "Emc Avamar" and version "7.2.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.3.0 Search vendor "Dell" for product "Emc Avamar" and version "7.3.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.3.1 Search vendor "Dell" for product "Emc Avamar" and version "7.3.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.4.0 Search vendor "Dell" for product "Emc Avamar" and version "7.4.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.4.1 Search vendor "Dell" for product "Emc Avamar" and version "7.4.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.5.0 Search vendor "Dell" for product "Emc Avamar" and version "7.5.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.5.1 Search vendor "Dell" for product "Emc Avamar" and version "7.5.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 18.1 Search vendor "Dell" for product "Emc Avamar" and version "18.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" | 2.0 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" | 2.1 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" | 2.2 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.0 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.1 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.2 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.3 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.4 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.5 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.6 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.6" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.7 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.7" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.8 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.8" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.0 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.1 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.2 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.3 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.4 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.5 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.6 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.6" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.7 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.7" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.8 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.8" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.9 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.9" | - |
Affected
| ||||||