PT-2018-2556 · Dell Emc · Dell Emc Avamar Client Manager+2

Jarrod Farncomb · Published 2018-11-20 · Updated 2019-01-02 · CVE-2018-11067

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Dell EMC Avamar Server versions 7.2.0 through 7.5.1, 18.1
Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0 through 2.2

Description

The issue is related to an open redirection vulnerability in the Dell EMC Avamar Client Manager component. A remote unauthenticated attacker could exploit this to redirect application users to arbitrary web URLs by tricking victims into clicking on maliciously crafted links. This could be used to conduct phishing attacks, causing users to unknowingly visit malicious sites.

Recommendations

For Dell EMC Avamar Server versions 7.2.0 through 7.5.1 and 18.1, update to a version that includes a fix for the open redirection vulnerability. For Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0 through 2.2, update to a version that includes a fix for the open redirection vulnerability. As a temporary workaround, consider restricting access to the Avamar Client Manager component to minimize the risk of exploitation.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

BDU:2019-00975
CVE-2018-11067

Affected Products

Dell Emc Avamar Client Manager
Dell Emc Avamar Server
Dell Emc Integrated Data Protection Appliance