VISTA InfoSec’s Information Security Consultant Mr. Mahendra Dhodi has discovered a weakness in Dell OpenManage Server Administrator, which can be exploited by malicious people to conduct spoofing attacks.
Input passed via the “file” GET parameter to /HelpViewer is not properly sanitised before being used to redirect users. This can be exploited to redirect a user to an arbitrary website, e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
The weakness is confirmed in version 7.2.0. Prior versions may also be affected.
Update to version 7.3.0.
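An added example, not part of the original advisory and not Dell or Secunia code: a Python check that scans access-log lines for /HelpViewer requests whose “file” value points to another host, for reviewing what systems still on an affected version received. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

def is_external_target(value):
    """True if a 'file' value would send the browser to another host."""
    # Undo a second layer of percent-encoding and normalise backslashes,
    # which browsers treat as forward slashes.
    v = unquote(value).strip().replace("\\", "/")
    if v.startswith("//"):            # protocol-relative URL
        return True
    try:
        parts = urlsplit(v)
    except ValueError:                # malformed absolute URL: flag for review
        return True
    return bool(parts.scheme) or bool(parts.netloc)

def suspicious_requests(log_lines):
    """Return (line_no, file_value) for /HelpViewer hits with an off-site 'file'."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.rstrip("/").endswith("/HelpViewer"):
            continue
        for value in parse_qs(url.query).get("file", []):
            if is_external_target(value):
                hits.append((n, value))
    return hits

# Constructed sample log lines (addresses, timestamps and values are made up).
SAMPLE = [
    '10.0.0.5 - - [01/Apr/2013:10:00:00 +0000] "GET /HelpViewer?file=help/en/index.html HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Apr/2013:10:00:05 +0000] "GET /HelpViewer?file=http%3A%2F%2Fexample.test%2Flogin HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Apr/2013:10:00:09 +0000] "GET /HelpViewer?file=%2F%2Fexample.test HTTP/1.1" 302 0',
    '10.0.0.8 - - [01/Apr/2013:10:00:12 +0000] "GET /index.html?file=http://example.test/ HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for line_no, target in suspicious_requests(SAMPLE):
        print(f"line {line_no}: off-site redirect target {target!r}")
```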
Secunia Reference: Secunia Advisory SA52742
CVE Reference: CVE-2013-0740
Reference Link: http://secunia.com/advisories/52742/