Vulnerability-Lookup

CVE-2018-11067 (GCVE-0-2018-11067)

Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-17 00:11

Title

Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability

Summary

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

Severity ?

No CVSS data available.

CWE

Open Redirection Vulnerability

Assigner

dell

References

URL

Tags

	https://seclists.org/fulldisclosure/2018/Nov/49	mailing-listx_refsource_FULLDISC
	https://www.vmware.com/security/advisories/VMSA-2…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105969	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1042153	vdb-entryx_refsource_SECTRACK

Impacted products

Vendor

Product

Version

Dell EMC

Avamar

Affected: 7.2.0
Affected: 7.2.1
Affected: 7.3.0
Affected: 7.3.1
Affected: 7.4.0
Affected: 7.4.1
Affected: 7.5.0
Affected: 7.5.1
Affected: 18.1

Dell EMC

Integrated Data Protection Appliance

Affected: 2.0
Affected: 2.1
Affected: 2.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:36.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
          },
          {
            "name": "105969",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105969"
          },
          {
            "name": "1042153",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042153"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Avamar",
          "vendor": "Dell EMC",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.3.0"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.5.0"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "18.1"
            }
          ]
        },
        {
          "product": "Integrated Data Protection Appliance",
          "vendor": "Dell EMC",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        }
      ],
      "datePublic": "2018-11-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Open Redirection Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-27T16:57:01.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
        },
        {
          "name": "105969",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105969"
        },
        {
          "name": "1042153",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042153"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
          "ID": "CVE-2018-11067",
          "STATE": "PUBLIC",
          "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Avamar",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.2.0"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.2.1"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.3.0"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.3.1"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.4.0"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.4.1"
                          },
                          {
                            "version_value": "7.5.0"
                          },
                          {
                            "version_value": "7.5.1"
                          },
                          {
                            "version_value": "18.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Integrated Data Protection Appliance",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "2.0"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "2.1"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell EMC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Open Redirection Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
            },
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            },
            {
              "name": "105969",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105969"
            },
            {
              "name": "1042153",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042153"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-11067",
    "datePublished": "2018-11-26T20:00:00.000Z",
    "dateReserved": "2018-05-14T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:11:44.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-56QV-9P9C-2Q4V

Vulnerability from github – Published: 2022-05-14 01:44 – Updated: 2022-05-14 01:44

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-11067"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-26T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.",
  "id": "GHSA-56qv-9p9c-2q4v",
  "modified": "2022-05-14T01:44:07Z",
  "published": "2022-05-14T01:44:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11067"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105969"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1042153"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-11067

Vulnerability from fkie_nvd - Published: 2018-11-26 20:29 - Updated: 2024-11-21 03:42

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security_alert@emc.com	http://www.securityfocus.com/bid/105969	Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securitytracker.com/id/1042153	Third Party Advisory, VDB Entry
security_alert@emc.com	https://seclists.org/fulldisclosure/2018/Nov/49	Mailing List, Third Party Advisory
security_alert@emc.com	https://www.vmware.com/security/advisories/VMSA-2018-0029.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105969	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1042153	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2018/Nov/49	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.vmware.com/security/advisories/VMSA-2018-0029.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
dell	emc_avamar	7.2.0
dell	emc_avamar	7.2.1
dell	emc_avamar	7.3.0
dell	emc_avamar	7.3.1
dell	emc_avamar	7.4.0
dell	emc_avamar	7.4.1
dell	emc_avamar	7.5.0
dell	emc_avamar	7.5.1
dell	emc_avamar	18.1
dell	emc_integrated_data_protection_appliance	2.0
dell	emc_integrated_data_protection_appliance	2.1
dell	emc_integrated_data_protection_appliance	2.2
vmware	vsphere_data_protection	6.0.0
vmware	vsphere_data_protection	6.0.1
vmware	vsphere_data_protection	6.0.2
vmware	vsphere_data_protection	6.0.3
vmware	vsphere_data_protection	6.0.4
vmware	vsphere_data_protection	6.0.5
vmware	vsphere_data_protection	6.0.6
vmware	vsphere_data_protection	6.0.7
vmware	vsphere_data_protection	6.0.8
vmware	vsphere_data_protection	6.1.0
vmware	vsphere_data_protection	6.1.1
vmware	vsphere_data_protection	6.1.2
vmware	vsphere_data_protection	6.1.3
vmware	vsphere_data_protection	6.1.4
vmware	vsphere_data_protection	6.1.5
vmware	vsphere_data_protection	6.1.6
vmware	vsphere_data_protection	6.1.7
vmware	vsphere_data_protection	6.1.8
vmware	vsphere_data_protection	6.1.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
    },
    {
      "lang": "es",
      "value": "Dell EMC Avamar Client Manager, en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) tienen una vulnerabilidad de redirecci\u00f3n abierta. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para redirigir los usuarios de la aplicaci\u00f3n a URL de p\u00e1ginas web arbitrarias, enga\u00f1\u00e1ndolos para que hagan clic en enlaces maliciosamente manipulados. Se podr\u00eda usar esta vulnerabilidad para realizar ataques de phishing que provoquen que los usuarios visiten sitios web maliciosos sin querer."
    }
  ],
  "id": "CVE-2018-11067",
  "lastModified": "2024-11-21T03:42:36.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-26T20:29:00.297",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105969"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042153"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2018-AVI-565

Vulnerability from certfr_avis - Published: 2018-11-21 - Updated: 2018-11-21

De multiples vulnérabilités ont été découvertes dans VMware vSphere Data Protection. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	vSphere Data Protection (VDP) versions 6.0.x antérieures à 6.0.9
	VMware	N/A	vSphere Data Protection (VDP) versions 6.1.x antérieures à 6.1.10

References

Title

Publication Time

GSD-2018-11067

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-11067

Aliases

CVE-2018-11067

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-11067",
    "description": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.",
    "id": "GSD-2018-11067"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-11067"
      ],
      "details": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.",
      "id": "GSD-2018-11067",
      "modified": "2023-12-13T01:22:41.975775Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
        "ID": "CVE-2018-11067",
        "STATE": "PUBLIC",
        "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Avamar",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_value": "7.2.0"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.2.1"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.3.0"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.3.1"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.4.0"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.4.1"
                        },
                        {
                          "version_value": "7.5.0"
                        },
                        {
                          "version_value": "7.5.1"
                        },
                        {
                          "version_value": "18.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Integrated Data Protection Appliance ",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_value": "2.0"
                        },
                        {
                          "affected": "=",
                          "version_value": "2.1"
                        },
                        {
                          "affected": "=",
                          "version_value": "2.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Dell EMC"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Open Redirection Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
            "refsource": "FULLDISC",
            "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
          },
          {
            "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
            "refsource": "CONFIRM",
            "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
          },
          {
            "name": "105969",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105969"
          },
          {
            "name": "1042153",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1042153"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2018-11067"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-601"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
            },
            {
              "name": "1042153",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1042153"
            },
            {
              "name": "105969",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105969"
            },
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-01-02T18:21Z",
      "publishedDate": "2018-11-26T20:29Z"
    }
  }
}

CNVD-2018-23619

Vulnerability from cnvd - Published: 2018-11-21

Title

Dell EMC Avamar开放重定向漏洞

Description

Dell EMC Avamar是一套用于服务器的完全虚拟化的备份和恢复软件。 Dell EMC Avamar存在开放重定向漏洞。远程未经身份验证的攻击者可能会利用此漏洞通过欺骗受害用户单击恶意构建的链接，将应用程序用户重定向到任意Web URL。

Severity

中

Patch Name

Dell EMC Avamar开放重定向漏洞的补丁

Patch Description

Dell EMC Avamar是一套用于服务器的完全虚拟化的备份和恢复软件。 Dell EMC Avamar存在开放重定向漏洞。远程未经身份验证的攻击者可能会利用此漏洞通过欺骗受害用户单击恶意构建的链接，将应用程序用户重定向到任意Web URL。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://seclists.org/fulldisclosure/2018/Nov/49

Reference

https://seclists.org/fulldisclosure/2018/Nov/49

Impacted products

Name
['Dell EMC Avamar Server 7.3.1', 'Dell EMC Avamar Server 7.4.1', 'Dell EMC Avamar Server 7.5.0', 'Dell EMC Avamar Server 7.2.0', 'Dell EMC Avamar Server 7.2.1', 'Dell EMC Avamar Server 7.3.0', 'Dell EMC Avamar Server 7.4.0', 'Dell EMC Avamar Server 7.5.1', 'Dell EMC Avamar Server 18.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-11067"
    }
  },
  "description": "Dell EMC Avamar\u662f\u4e00\u5957\u7528\u4e8e\u670d\u52a1\u5668\u7684\u5b8c\u5168\u865a\u62df\u5316\u7684\u5907\u4efd\u548c\u6062\u590d\u8f6f\u4ef6\u3002\n\nDell EMC Avamar\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u6b3a\u9a97\u53d7\u5bb3\u7528\u6237\u5355\u51fb\u6076\u610f\u6784\u5efa\u7684\u94fe\u63a5\uff0c\u5c06\u5e94\u7528\u7a0b\u5e8f\u7528\u6237\u91cd\u5b9a\u5411\u5230\u4efb\u610fWeb URL\u3002",
  "discovererName": "Jarrod Farncomb",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://seclists.org/fulldisclosure/2018/Nov/49",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-23619",
  "openTime": "2018-11-21",
  "patchDescription": "Dell EMC Avamar\u662f\u4e00\u5957\u7528\u4e8e\u670d\u52a1\u5668\u7684\u5b8c\u5168\u865a\u62df\u5316\u7684\u5907\u4efd\u548c\u6062\u590d\u8f6f\u4ef6\u3002\r\n\r\nDell EMC Avamar\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u6b3a\u9a97\u53d7\u5bb3\u7528\u6237\u5355\u51fb\u6076\u610f\u6784\u5efa\u7684\u94fe\u63a5\uff0c\u5c06\u5e94\u7528\u7a0b\u5e8f\u7528\u6237\u91cd\u5b9a\u5411\u5230\u4efb\u610fWeb URL\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell EMC Avamar\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell EMC Avamar Server 7.3.1",
      "Dell EMC Avamar Server 7.4.1",
      "Dell EMC Avamar Server 7.5.0",
      "Dell EMC Avamar Server 7.2.0",
      "Dell EMC Avamar Server 7.2.1",
      "Dell EMC Avamar Server 7.3.0",
      "Dell EMC Avamar Server 7.4.0",
      "Dell EMC Avamar Server 7.5.1",
      "Dell EMC Avamar Server 18.1"
    ]
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Nov/49",
  "serverity": "\u4e2d",
  "submitTime": "2018-11-21",
  "title": "Dell EMC Avamar\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-11067 (GCVE-0-2018-11067)

GHSA-56QV-9P9C-2Q4V

FKIE_CVE-2018-11067

CERTFR-2018-AVI-565

Solution

GSD-2018-11067

CNVD-2018-23619

Tags

Sightings

Nomenclature