CVE-2017-15550

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.
References
Link Resource
http://seclists.org/fulldisclosure/2018/Jan/17 Issue Tracking Mailing List Third Party Advisory
http://www.securityfocus.com/bid/102358 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040070 Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2018/Jan/17 Issue Tracking Mailing List Third Party Advisory
http://www.securityfocus.com/bid/102358 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040070 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:emc:avamar_server:7.1-21:sp2:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.1-145:sp1:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.1-302:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.1-370:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.2-32:sp1:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.2-309:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.2-401:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.3-125:sp1:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.3-211:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.3-226:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.3-233:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.4-58:sp1:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.4-242:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.5-183:*:*:*:*:*:*:*
cpe:2.3:a:emc:integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:networker:9.0:*:*:*:virtual:*:*:*
cpe:2.3:a:emc:networker:9.1:*:*:*:virtual:*:*:*
cpe:2.3:a:emc:networker:9.2:*:*:*:virtual:*:*:*

History

21 Nov 2024, 03:14

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2018/Jan/17 - Issue Tracking, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2018/Jan/17 - Issue Tracking, Mailing List, Third Party Advisory
References () http://www.securityfocus.com/bid/102358 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/102358 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1040070 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1040070 - Third Party Advisory, VDB Entry

Information

Published : 2018-01-05 17:29

Updated : 2024-11-21 03:14


NVD link : CVE-2017-15550

Mitre link : CVE-2017-15550

CVE.ORG link : CVE-2017-15550


JSON object : View

Products Affected

emc

  • networker
  • integrated_data_protection_appliance
  • avamar_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')