Details of VAR-201404-0083

ID

VAR-201404-0083

CVE

CVE-2013-0740

TITLE

Dell OpenManage Server Administrator Open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-006300

DESCRIPTION

Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer. Dell OpenManage Server Administrator is prone to an open-redirection vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. Dell OpenManage Server Administrator 7.2.0 is vulnerable; other versions may also be affected. The solution supports online diagnosis, system operation detection, equipment management, etc

Trust: 1.98

sources: NVD: CVE-2013-0740 // JVNDB: JVNDB-2013-006300 // BID: 61383 // VULHUB: VHN-60742

AFFECTED PRODUCTS

vendor:	dell	model:	openmanage server administrator	scope:	eq	version:	7.1.0.1	Trust: 1.6
vendor:	dell	model:	openmanage server administrator	scope:	eq	version:	7.1.0	Trust: 1.6
vendor:	dell	model:	openmanage server administrator	scope:	eq	version:	7.0.0.1	Trust: 1.6
vendor:	dell	model:	openmanage server administrator	scope:	eq	version:	7.0.0	Trust: 1.6
vendor:	dell	model:	openmanage server administrator	scope:	lte	version:	7.2.0	Trust: 1.0
vendor:	dell	model:	openmanage server administrator	scope:	lt	version:	7.3.0	Trust: 0.8
vendor:	dell	model:	openmanage server administrator	scope:	eq	version:	7.2.0	Trust: 0.6

sources: JVNDB: JVNDB-2013-006300 // CNNVD: CNNVD-201307-467 // NVD: CVE-2013-0740

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-0740
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-0740
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-467
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-60742
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-0740
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-60742
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-60742 // JVNDB: JVNDB-2013-006300 // CNNVD: CNNVD-201307-467 // NVD: CVE-2013-0740

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-60742 // JVNDB: JVNDB-2013-006300 // NVD: CVE-2013-0740

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-467

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201307-467

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006300

PATCH

title:	Dell OpenManage Server Administrator	url:	http://www.dell.com/support/contents/jp/ja/jpbsd1/article/Product-Support/Self-support-Knowledgebase/enterprise-resource-center/Enterprise-Tools/OMSA	Trust: 0.8
title:	OM-SrvAdmin-Dell-Web-WIN-7.3.0-350_A00	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49281	Trust: 0.6

sources: JVNDB: JVNDB-2013-006300 // CNNVD: CNNVD-201307-467

EXTERNAL IDS

db:	NVD	id:	CVE-2013-0740	Trust: 2.8
db:	OSVDB	id:	95545	Trust: 2.5
db:	BID	id:	61383	Trust: 2.0
db:	SECUNIA	id:	52742	Trust: 1.7
db:	JVNDB	id:	JVNDB-2013-006300	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-467	Trust: 0.7
db:	NSFOCUS	id:	24174	Trust: 0.6
db:	VULHUB	id:	VHN-60742	Trust: 0.1

sources: VULHUB: VHN-60742 // BID: 61383 // JVNDB: JVNDB-2013-006300 // CNNVD: CNNVD-201307-467 // NVD: CVE-2013-0740

REFERENCES

url:	http://osvdb.org/95545	Trust: 2.5
url:	http://www.securityfocus.com/bid/61383	Trust: 1.7
url:	http://secunia.com/advisories/52742	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0740	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0740	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/24174	Trust: 0.6
url:	http://dell.com	Trust: 0.3

sources: VULHUB: VHN-60742 // BID: 61383 // JVNDB: JVNDB-2013-006300 // CNNVD: CNNVD-201307-467 // NVD: CVE-2013-0740

CREDITS

Mahendra Dhodi of VISTA InfoSec via Secunia

Trust: 0.9

sources: BID: 61383 // CNNVD: CNNVD-201307-467

SOURCES

db:	VULHUB	id:	VHN-60742
db:	BID	id:	61383
db:	JVNDB	id:	JVNDB-2013-006300
db:	CNNVD	id:	CNNVD-201307-467
db:	NVD	id:	CVE-2013-0740

LAST UPDATE DATE

2024-08-14T15:44:51.730000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-60742	date:	2014-04-11T00:00:00
db:	BID	id:	61383	date:	2013-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-006300	date:	2014-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201307-467	date:	2014-04-14T00:00:00
db:	NVD	id:	CVE-2013-0740	date:	2014-04-11T16:14:59.140

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-60742	date:	2014-04-10T00:00:00
db:	BID	id:	61383	date:	2013-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-006300	date:	2014-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201307-467	date:	2013-07-25T00:00:00
db:	NVD	id:	CVE-2013-0740	date:	2014-04-10T20:29:23.487