Vulnerabilites related to dell - emc_vipr_srm
Vulnerability from fkie_nvd
Published
2017-09-22 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2017/Sep/51 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/100957 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1039417 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1039418 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Sep/51 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100957 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039417 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039418 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | emc_m\&r | * | |
| dell | emc_storage_monitoring_and_reporting | * | |
| dell | emc_vipr_srm | * | |
| dell | emc_vnx_monitoring_and_reporting | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:emc_m\\\u0026r:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4257D51A-8593-43F5-9C39-1D0BA9DD2C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_storage_monitoring_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B368A32D-4310-476A-A012-67D9A77D4EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vipr_srm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CDF8E3-4681-48E5-A0D3-CF40E301D23C",
"versionEndIncluding": "4.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DC88D9-BBC4-47B7-83D4-6958FDD6FF55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call."
},
{
"lang": "es",
"value": "En EMC ViPR SRM, Storage MR, VNX MR y MR (Watch4Net) para SAS Solution Packs, la puerta de enlace del servicio web se ha visto afectado por una vulnerabilidad de salto de directorio. Los atacantes que conozcan las credenciales de la puerta de enlace del servicio web podr\u00edan explotar esta vulnerabilidad para acceder a informaci\u00f3n no autorizada y modificar o borrar datos proporcionando strings especialmente manipuladas en par\u00e1metros de entrada de la llamada del servicio web."
}
],
"id": "CVE-2017-8007",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-22T01:29:25.467",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100957"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039417"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039418"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-17 14:29
Modified
2025-04-20 01:37
Severity ?
Summary
EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2017/Jul/21 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/99555 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1038905 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Jul/21 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99555 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038905 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | emc_m\&r | - | |
| dell | emc_storage_monitoring_and_reporting | 4.0.2 | |
| dell | emc_vipr_srm | * | |
| dell | emc_vnx_monitoring_and_reporting | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:emc_m\\\u0026r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53A85D4E-3852-4638-9CD0-EBA9544B950F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_storage_monitoring_and_reporting:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D171B347-D3A0-4067-B92F-60FE4DC64F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vipr_srm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CDF8E3-4681-48E5-A0D3-CF40E301D23C",
"versionEndIncluding": "4.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE16D5AE-ABC8-4210-A54C-67F2162F64E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M\u0026R prior to 4.1, EMC VNX M\u0026R all versions, EMC M\u0026R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system."
},
{
"lang": "es",
"value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R para SAS Solution Packs (EMC ViPR SRM anterior a versi\u00f3n 4.1, EMC Storage M\u0026R anterior a versi\u00f3n 4.1, EMC VNX M\u0026R todas las versiones, EMC M\u0026R (Watch4Net) para todas las versiones de SAS Solution Packs), contienen cuentas no documentadas con contrase\u00f1as por defecto para los componentes WebService Gateway y RMI JMX. Un atacante remoto con conocimiento de la contrase\u00f1a por defecto puede usar estas cuentas para ejecutar servicios web arbitrarios y llamadas a procedimientos remotos sobre el sistema afectado."
}
],
"id": "CVE-2017-8011",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T14:29:01.250",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/21"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99555"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038905"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-30 20:29
Modified
2024-11-21 03:59
Severity ?
Summary
In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2018/Apr/61 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/104024 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Apr/61 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104024 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | emc_smis | * | |
| dell | emc_solutions_enabler_virtual_appliance | * | |
| dell | emc_unisphere | * | |
| dell | emc_unity_operating_environment | * | |
| dell | emc_vasa_provider_virtual_appliance | * | |
| dell | emc_vipr_srm | - | |
| dell | emc_vipr_srm | 3.7 | |
| dell | emc_vipr_srm | 3.7.1 | |
| dell | emc_vipr_srm | 3.7.2 | |
| dell | emc_vipr_srm | 4.0 | |
| dell | emc_vipr_srm | 4.0.1 | |
| dell | emc_vipr_srm | 4.0.2 | |
| dell | emc_vipr_srm | 4.0.3 | |
| dell | emc_vmax_embedded_management | * | |
| dell | emc_vmax_enas | 8.0 | |
| dell | emc_vmax_enas | 8.0.1 | |
| dell | emc_vnx1_operating_environment | 05.32.000.5.225 | |
| dell | emc_vnx1_operating_environment | 7.1.82.0 | |
| dell | emc_vnx2_operating_environment | * | |
| dell | emc_vnx2_operating_environment | * | |
| dell | emc_vnxe_3100_operating_environment | - | |
| dell | emc_vnxe_3150_operating_environment | - | |
| dell | emc_vnxe_3300__operating_environment | - | |
| dell | emc_vnxe1600_operating_environment | * | |
| dell | emc_vnxe3200_operating_environment | - | |
| dell | emc_xtremio | 4.0 | |
| dell | emc_xtremio | 4.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:emc_smis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4890CC-B6AF-4293-940B-6BA7A343AE0D",
"versionEndExcluding": "8.4.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02910BB4-7375-4399-8DFF-71CD44DDB5D7",
"versionEndExcluding": "8.4.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_unisphere:*:*:*:*:*:vmax_virtual_appliance:*:*",
"matchCriteriaId": "1A7DB792-1195-4B12-997A-71FFCDC5BD12",
"versionEndExcluding": "8.4.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40F0B685-3F39-4B78-925A-19ACF20E0114",
"versionEndExcluding": "4.3.0.1522077968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vasa_provider_virtual_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFACF5C-7D38-4BDA-92FD-D40404BF1A26",
"versionEndExcluding": "8.4.0.512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vipr_srm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "953D0732-6869-47A1-9A1D-B3D844E63120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vipr_srm:3.7:*:*:*:*:windows:*:*",
"matchCriteriaId": "09ABC7C3-26EF-4D27-B814-C5EA8107C7BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vipr_srm:3.7.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "532479F9-83DC-47AC-B816-AA614447237E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vipr_srm:3.7.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "9D84812B-06DE-4362-830F-0997EC260B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vipr_srm:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "1A669D38-8405-4A53-BF27-9D005D968CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vipr_srm:4.0.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "C218A6C6-82A1-498B-B2E4-187031A2CC2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vipr_srm:4.0.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "369181DA-D10C-45C9-B3FA-115FE8D8D190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vipr_srm:4.0.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "0F448089-C90D-4EE4-BD6D-6757D13E6471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vmax_embedded_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3549BA-CAF3-45A8-B7A9-508330EB5208",
"versionEndIncluding": "1.4.0.347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vmax_enas:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B755E0BF-FB16-449B-827C-B2552621A141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vmax_enas:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AB5710-44B2-43A9-8715-33E855002809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vnx1_operating_environment:05.32.000.5.225:*:*:*:*:block:*:*",
"matchCriteriaId": "E9EF3C50-4085-4BF5-9219-690115AD8467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vnx1_operating_environment:7.1.82.0:*:*:*:*:file:*:*",
"matchCriteriaId": "F9B59471-BBB6-443A-9450-08121701267F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vnx2_operating_environment:*:*:*:*:*:block:*:*",
"matchCriteriaId": "5DCD4467-C1DF-455E-B079-F0A52991A818",
"versionEndExcluding": "05.33.009.5.231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vnx2_operating_environment:*:*:*:*:*:file:*:*",
"matchCriteriaId": "EB4C5340-CAD6-40FC-A0C4-1116150C5A0E",
"versionEndExcluding": "8.1.9.231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vnxe_3100_operating_environment:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CFCEFE2-675E-4081-9EC6-15B8E24B9F6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vnxe_3150_operating_environment:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98673570-1E9C-4452-8B37-29D5E9ED2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vnxe_3300__operating_environment:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA77A62-9B38-41B6-B472-419B6CCA9FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vnxe1600_operating_environment:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C76DD84-7211-4E0E-AFF7-3471267FE511",
"versionEndExcluding": "3.1.9.9570228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vnxe3200_operating_environment:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C1ABE7-47C2-4DA2-921A-E6A432EECCE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_xtremio:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05CAC762-BF62-4D54-8505-2052FD800201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_xtremio:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "90F3C198-E9B7-4D6E-817A-C413DD5B54DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service."
},
{
"lang": "es",
"value": "En Dell EMC Unisphere for VMAX Virtual Appliance en versiones anteriores a la 8.4.0.8; Dell EMC Solutions Enabler Virtual Appliance en versiones anteriores a la 8.4.0.8; Dell EMC VASA Provider Virtual Appliance en versiones anteriores a la 8.4.0.512; Dell EMC SMIS en versiones anteriores a la 8.4.0.6; Dell EMC VMAX Embedded Management (eManagement) en versiones anteriores, e incluyendo, la 1.4.0.347; Dell EMC VNX2 Operating Environment (OE) for File en versiones anteriores a la 8.1.9.231; Dell EMC VNX2 Operating Environment (OE) for Block en versiones anteriores a la 05.33.009.5.231; Dell EMC VNX1 Operating Environment (OE) for File en versiones anteriores a la 7.1.82.0; Dell EMC VNX1 Operating Environment (OE) for Block en versiones anteriores a la 05.32.000.5.225; Dell EMC VNXe3200 Operating Environment (OE) en todas las versiones; Dell EMC VNXe1600 Operating Environment (OE) en versiones anteriores a la 3.1.9.9570228; Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) en todas las versiones, Dell EMC ViPR SRM en versiones 3.7, 3.7.1 y 3.7.2 (solo si se usa Dell EMC Host Interface for Windows); Dell EMC ViPR SRM en versiones 4.0, 4.0.1, 4.0.2 y 4.0.3 (solo si se usa Dell EMC Host Interface for Windows); Dell EMC XtremIO en versiones 4.x; Dell EMC VMAX eNAS en versiones 8.x y Dell EMC Unity Operating Environment (OE) en versiones anteriores a la 4.3.0.1522077968, ECOM se ha visto afectado por una vulnerabilidad de XEE (XML External Entity) debido a la configuraci\u00f3n del analizador de XML distribuido con el producto. Podr\u00eda ocurrir un ataque de inyecci\u00f3n XEE cuando las entradas que contienen una referencia a una entidad externa (definida por un atacante) son procesadas por un analizador XML afectado. La inyecci\u00f3n XEE podr\u00eda permitir que los atacantes obtengan acceso no autorizado a los archivos que contienen informaci\u00f3n sensible o que podr\u00edan emplearse para provocar una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2018-1183",
"lastModified": "2024-11-21T03:59:21.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-30T20:29:00.310",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Apr/61"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Apr/61"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104024"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-22 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2017/Sep/51 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/100982 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1039417 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1039418 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Sep/51 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100982 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039417 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039418 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | emc_m\&r | * | |
| dell | emc_storage_monitoring_and_reporting | * | |
| dell | emc_vipr_srm | * | |
| dell | emc_vnx_monitoring_and_reporting | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:emc_m\\\u0026r:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4257D51A-8593-43F5-9C39-1D0BA9DD2C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_storage_monitoring_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B368A32D-4310-476A-A012-67D9A77D4EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vipr_srm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CDF8E3-4681-48E5-A0D3-CF40E301D23C",
"versionEndIncluding": "4.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DC88D9-BBC4-47B7-83D4-6958FDD6FF55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities."
},
{
"lang": "es",
"value": "En EMC ViPR SRM, Storage MR, VNX MR y MR (Watch4Net) para SAS Solution Packs, el protocolo Java Management Extensions (JMX) empleado para la comunicaci\u00f3n entre componentes los componentes Alerting o Compliance puede aprovecharse para provocar una condici\u00f3n de denegaci\u00f3n de servicio. Los atacantes que conozcan las credenciales de usuario del agente JMX podr\u00edan explotar esta vulnerabilidad para crear archivos arbitrarios en el sistema afectado y crear una condici\u00f3n de denegaci\u00f3n de servicio mediante el aprovechamiento de las capacidades inherentes del protocolo JMX."
}
],
"id": "CVE-2017-8012",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-22T01:29:25.500",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100982"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039417"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039418"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-1183 (GCVE-0-2018-1183)
Vulnerability from cvelistv5
Published
2018-04-30 20:00
Modified
2024-09-16 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- XXE injection vulnerability
Summary
In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | Dell EMC Unisphere for VMAX Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, Dell EMC VASA Provider Virtual Appliance, Dell EMC SMIS, Dell EMC VMAX Embedded Management (eManagement), Dell EMC VNX2 Operating Environment (OE) for File, Dell EMC VNX2 Operating Environment (OE) for Block, Dell EMC VNX1 Operating Environment (OE) for File, Dell EMC VNX1 Operating Environment (OE) for Block, Dell EMC VNXe3200 Operating Environment (OE), Dell EMC VNXe1600 Operating Environment (OE), Dell EMC VNXe 3100/3150/3300 Operating Environment (OE), Dell EMC ViPR SRM, Dell EMC ViPR SRM, Dell EMC XtremIO, Dell EMC VMAX eNAS, Dell EMC Unity Operating Environment (OE) |
Version: Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions ...[truncated*] |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:49.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180425 DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Apr/61"
},
{
"name": "104024",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell EMC Unisphere for VMAX Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, Dell EMC VASA Provider Virtual Appliance, Dell EMC SMIS, Dell EMC VMAX Embedded Management (eManagement), Dell EMC VNX2 Operating Environment (OE) for File, Dell EMC VNX2 Operating Environment (OE) for Block, Dell EMC VNX1 Operating Environment (OE) for File, Dell EMC VNX1 Operating Environment (OE) for Block, Dell EMC VNXe3200 Operating Environment (OE), Dell EMC VNXe1600 Operating Environment (OE), Dell EMC VNXe 3100/3150/3300 Operating Environment (OE), Dell EMC ViPR SRM, Dell EMC ViPR SRM, Dell EMC XtremIO, Dell EMC VMAX eNAS, Dell EMC Unity Operating Environment (OE)",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions ...[truncated*]"
}
]
}
],
"datePublic": "2018-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE injection vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-01T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20180425 DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Apr/61"
},
{
"name": "104024",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104024"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-04-25T00:00:00",
"ID": "CVE-2018-1183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell EMC Unisphere for VMAX Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, Dell EMC VASA Provider Virtual Appliance, Dell EMC SMIS, Dell EMC VMAX Embedded Management (eManagement), Dell EMC VNX2 Operating Environment (OE) for File, Dell EMC VNX2 Operating Environment (OE) for Block, Dell EMC VNX1 Operating Environment (OE) for File, Dell EMC VNX1 Operating Environment (OE) for Block, Dell EMC VNXe3200 Operating Environment (OE), Dell EMC VNXe1600 Operating Environment (OE), Dell EMC VNXe 3100/3150/3300 Operating Environment (OE), Dell EMC ViPR SRM, Dell EMC ViPR SRM, Dell EMC XtremIO, Dell EMC VMAX eNAS, Dell EMC Unity Operating Environment (OE)",
"version": {
"version_data": [
{
"version_value": "Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180425 DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Apr/61"
},
{
"name": "104024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1183",
"datePublished": "2018-04-30T20:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-16T17:58:56.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8012 (GCVE-0-2017-8012)
Vulnerability from cvelistv5
Published
2017-09-22 01:00
Modified
2024-08-05 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs |
Version: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039418",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039418"
},
{
"name": "100982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"name": "1039417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039417"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs"
}
]
}
],
"datePublic": "2017-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1039418",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039418"
},
{
"name": "100982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"name": "1039417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039417"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs",
"version": {
"version_data": [
{
"version_value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039418",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039418"
},
{
"name": "100982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100982"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Sep/51",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"name": "1039417",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039417"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8012",
"datePublished": "2017-09-22T01:00:00",
"dateReserved": "2017-04-21T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8011 (GCVE-0-2017-8011)
Vulnerability from cvelistv5
Published
2017-07-17 14:00
Modified
2024-08-05 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- undocumented accounts vulnerability
Summary
EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) |
Version: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038905",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038905"
},
{
"name": "99555",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99555"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net)"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M\u0026R prior to 4.1, EMC VNX M\u0026R all versions, EMC M\u0026R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "undocumented accounts vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1038905",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038905"
},
{
"name": "99555",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99555"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net)",
"version": {
"version_data": [
{
"version_value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M\u0026R prior to 4.1, EMC VNX M\u0026R all versions, EMC M\u0026R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "undocumented accounts vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038905",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038905"
},
{
"name": "99555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99555"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/21",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Jul/21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8011",
"datePublished": "2017-07-17T14:00:00",
"dateReserved": "2017-04-21T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8007 (GCVE-0-2017-8007)
Vulnerability from cvelistv5
Published
2017-09-22 01:00
Modified
2024-08-05 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Directory Traversal
Summary
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs |
Version: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100957",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100957"
},
{
"name": "1039418",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"name": "1039417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039417"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs"
}
]
}
],
"datePublic": "2017-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-23T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "100957",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100957"
},
{
"name": "1039418",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"name": "1039417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039417"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs",
"version": {
"version_data": [
{
"version_value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100957"
},
{
"name": "1039418",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039418"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Sep/51",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"name": "1039417",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039417"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8007",
"datePublished": "2017-09-22T01:00:00",
"dateReserved": "2017-04-21T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}