Jarrod Farncomb

**Name of the Vulnerable Software and Affected Versions** IsilonSD Management Server version 1.1.0 **Description** The issue is related to a cross-site scripting vulnerability that occurs when uploading an OVA file. A remote attacker can exploit this to execute malicious HTML or JavaScript code in the context of an admin user by tricking the admin into performing certain actions. **Recommendations** For IsilonSD Management Server version 1.1.0, consider restricting access to the OVA file upload functionality until a fix is available. As a temporary workaround, avoid uploading OVA files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IsilonSD Management Server version 1.1.0 **Description** The issue is related to a cross-site scripting vulnerability that occurs when registering vCenter servers. A remote attacker can exploit this to execute malicious HTML or JavaScript code in the context of an admin user. **Recommendations** For IsilonSD Management Server version 1.1.0, consider restricting access to the vCenter server registration functionality until a fix is available. As a temporary workaround, avoid registering new vCenter servers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Q'center Virtual Appliance versions 1.8.1014 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject Javascript code into the compromised application. **Recommendations** For Q'center Virtual Appliance versions 1.8.1014 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell EMC Avamar Server versions 7.2.0 through 7.5.1, 18.1 Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0 through 2.2 **Description** The issue is related to an open redirection vulnerability in the Dell EMC Avamar Client Manager component. A remote unauthenticated attacker could exploit this to redirect application users to arbitrary web URLs by tricking victims into clicking on maliciously crafted links. This could be used to conduct phishing attacks, causing users to unknowingly visit malicious sites. **Recommendations** For Dell EMC Avamar Server versions 7.2.0 through 7.5.1 and 18.1, update to a version that includes a fix for the open redirection vulnerability. For Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0 through 2.2, update to a version that includes a fix for the open redirection vulnerability. As a temporary workaround, consider restricting access to the Avamar Client Manager component to minimize the risk of exploitation.