CVE-2018-1250
6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based Authorization control implemented only in Unisphere GUI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell EMC | Dell EMC Unity | unspecified < 4.3.1.1525703027 | affected |
| Dell EMC | Dell EMC UnityVSA | unspecified < 4.3.1.1525703027 | affected |
Weaknesses
- Authorization Bypass
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.