← Back

CVE-2018-1251

nvd nist
Published: Sep 28, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a maliciously crafted Unisphere URL. Attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected.

Affected (2)

Dell
2 products
Emc Unity Firmware
Emc Unityvsa
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emc Unity Firmware
Before 4.3.1.1525703027
Running on/withPlatform Versions
Dell
Emc Unity
All versions
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Emc Unityvsa
Before 4.3.1.1525703027

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

Source: security_alert@emc.com
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.