CVE-2018-1251 HIGH

CVE-2018-1251

Vendor Dell Emc
Product Dell EMC Unity
Published September 28, 2018
Last update September 16, 2024

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a maliciously crafted Unisphere URL. Attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected.

Key dates

02Disclosure timeline

September 28, 2018 CVE published
September 16, 2024 Record updated