PT-2018-11220 · Dell Emc · Unityvsa+3

Publicado

2018-09-28

Atualizado

2019-10-09

CVE-2018-1250

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027

Description The issue allows a remote authenticated user to potentially bypass authorization and read files on a NAS server. This is achieved by directly interacting with certain APIs of Unity OE, which bypasses the Role-Based Authorization control that is only implemented in the Unisphere GUI.

Recommendations For versions prior to 4.3.1.1525703027, update to version 4.3.1.1525703027 or later to resolve the issue.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2018-1250

Produtos afetados

Dell Emc Unity

Unisphere

Unity Oe

Unityvsa

PT-2018-11220 · Dell Emc · Unityvsa+3

CVE-2018-1250

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3