CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-1250

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based Authorization control implemented only in Unisphere GUI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.1%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

https://seclists.org/fulldisclosure/2018/Sep/30
https://seclists.org/fulldisclosure/2018/Sep/30

Products affected by CVE-2018-1250

Dell » Emc Unity » Version: N/A

cpe:2.3:h:dell:emc_unity:-
Dell » Emc Unity Firmware » Version: Any

cpe:2.3:o:dell:emc_unity_firmware:*
Dell » Emc Unityvsa » Version: Any

cpe:2.3:o:dell:emc_unityvsa:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1250

Products

Pricing

Contact Us