In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Sep/51 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/100957 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039417 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039418 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-09-22 01:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-8007
Mitre link : CVE-2017-8007
CVE.ORG link : CVE-2017-8007
JSON object : View
Products Affected
dell
- emc_vipr_srm
- emc_vnx_monitoring_and_reporting
- emc_m\&r
- emc_storage_monitoring_and_reporting
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')