CVE-2018-11067
Published 2018-11-26
CVE-2018-11067: Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data…
Priority P4 · 30 · medium · 6.1 · CVSS 3.0
AV:N AC:L PR:N UI:R S:C C:L I:L A:N
EPSS: 1.81% (75.9th percentile)
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
Affected
44 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_integrated_data_protection_appliance | — | — |
| dell | emc_integrated_data_protection_appliance | — | — |
| dell | emc_integrated_data_protection_appliance | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | integrated_data_protection_appliance | — | — |
| dell_emc | integrated_data_protection_appliance | — | — |
| dell_emc | integrated_data_protection_appliance | — | — |
| vmware | vmware_vsphere | — | — |
CVSS provenance
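| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |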
GHSA
GHSA-56qv-9p9c-2q4v: Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7
ghsa_unreviewed · 2022-05-14
CVE-2018-11067 [MEDIUM] CWE-601 GHSA-56qv-9p9c-2q4v: Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7
VMware
vSphere Data Protection (VDP) updates address multiple security issues.
vendor_vmware · 2018-11-20 · CVSS 9.8
CVE-2018-11066 [CRITICAL] vSphere Data Protection (VDP) updates address multiple security issues.
VMSA-2018-0029: vSphere Data Protection (VDP) updates address multiple security issues.
vSphere Data Protection (VDP) updates address multiple security issues.

2. Relevant Products
vSphere Data Protection (VDP). VDP is based on Dell EMC Avamar Virtual Edition.

3. Problem Description
a. Remote code execution vulnerability.
VDP contains a remote code execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-11066 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product Product Version Running on
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/105969
http://www.securitytracker.com/id/1042153
https://seclists.org/fulldisclosure/2018/Nov/49
https://www.vmware.com/security/advisories/VMSA-2018-0029.html
Published: 2018-11-26