CVE-2018-1251

{"id": "CVE-2018-1251", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}]}, "published": "2018-09-28T18:29:01.083", "references": [{"url": "https://seclists.org/fulldisclosure/2018/Sep/30", "tags": ["Mailing List", "Third Party Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a maliciously crafted Unisphere URL. Attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected."}, {"lang": "es", "value": "Dell EMC Unity y UnityVSA en versiones anteriores a la 4.3.1.1525703027 contiene una vulnerabilidad de redirecci\u00f3n de URL. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para redirigir a los usuarios de Unity a URL web arbitrarias enga\u00f1ando a la v\u00edctima para que haga clic en una URL de Unisphere maliciosamente manipulada. Los atacantes podr\u00edan captar informaci\u00f3n, incluyendo las credenciales de usuario de Unisphere, de la v\u00edctima una vez son redirigidos."}], "lastModified": "2019-10-09T23:38:17.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_unity_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE80D21A-B8AA-4429-9FE7-01522F9595A5", "versionEndExcluding": "4.3.1.1525703027"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_unity:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08D30CDA-12CB-4071-94EC-6186ED329072"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_unityvsa:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCAA53DD-EEFF-440F-9979-09B8521FDB64", "versionEndExcluding": "4.3.1.1525703027"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}