CVE-2017-8012

{"id": "CVE-2017-8012", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.2}]}, "published": "2017-09-22T01:29:25.500", "references": [{"url": "http://seclists.org/fulldisclosure/2017/Sep/51", "tags": ["Mailing List", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/100982", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1039417", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1039418", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities."}, {"lang": "es", "value": "En EMC ViPR SRM, Storage MR, VNX MR y MR (Watch4Net) para SAS Solution Packs, el protocolo Java Management Extensions (JMX) empleado para la comunicaci\u00f3n entre componentes los componentes Alerting o Compliance puede aprovecharse para provocar una condici\u00f3n de denegaci\u00f3n de servicio. Los atacantes que conozcan las credenciales de usuario del agente JMX podr\u00edan explotar esta vulnerabilidad para crear archivos arbitrarios en el sistema afectado y crear una condici\u00f3n de denegaci\u00f3n de servicio mediante el aprovechamiento de las capacidades inherentes del protocolo JMX."}], "lastModified": "2021-09-13T12:07:25.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_m\\&r:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4257D51A-8593-43F5-9C39-1D0BA9DD2C0F"}, {"criteria": "cpe:2.3:a:dell:emc_storage_monitoring_and_reporting:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B368A32D-4310-476A-A012-67D9A77D4EC8"}, {"criteria": "cpe:2.3:a:dell:emc_vipr_srm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15CDF8E3-4681-48E5-A0D3-CF40E301D23C", "versionEndIncluding": "4.0.2"}, {"criteria": "cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7DC88D9-BBC4-47B7-83D4-6958FDD6FF55"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}