1. CVE-Search
  2. CVE-2018-11067
ID CVE-2018-11067
Summary Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
References
Vulnerable Configurations
  • cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*
    cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 02-01-2019 - 18:21)
Impact:
Exploitability:
CWE CWE-601
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid 105969
confirm https://www.vmware.com/security/advisories/VMSA-2018-0029.html
fulldisc 20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities
sectrack 1042153
Last major update 02-01-2019 - 18:21
Published 26-11-2018 - 20:29
Last modified 02-01-2019 - 18:21
Back to Top