CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Dell: >> Emc Unity Security Vulnerabilities

CVE-2018-1251

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a maliciously crafted Unisphere URL. Attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected.

CVSS Score

8.3

EPSS Score

0.002

Published

2018-09-28

CVE-2018-1250

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based Authorization control implemented only in Unisphere GUI.

CVSS Score

6.5

EPSS Score

0.001

Published

2018-09-28

Page 1

Vulnerabilities

Vulnerable Software

Dell: >> Emc Unity Security Vulnerabilities

Products

Pricing

Contact Us