CVE-2018-11067
MEDIUMDell EMC Avamar and Integrated Data Protection Appliance - Unauthenticated Open Redirect via Malicious Link
Title source: llmDescription
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
https://seclists.org/fulldisclosure/2018/Nov/49
Patch, Third Party Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2018-0029.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105969
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1042153
Scores
CVSS v3
6.1
EPSS
0.0051
EPSS Percentile
66.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (31)
dell/emc_avamar
7.2.0
dell/emc_avamar
7.2.1
dell/emc_avamar
7.3.0
dell/emc_avamar
7.3.1
dell/emc_avamar
7.4.0
dell/emc_avamar
7.4.1
dell/emc_avamar
7.5.0
dell/emc_avamar
7.5.1
dell/emc_avamar
18.1
dell/emc_integrated_data_protection_appliance
2.0
... and 21 more
Published
Nov 26, 2018
Tracked Since
Feb 18, 2026