← Zuruck zu CVEs
CVE-2017-8007
HIGH8.8
Beschreibung
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
CVE Details
CVSS v3.1 Bewertung8.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht9/22/2017
Zuletzt geandert4/20/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
dell:emc_m\&rdell:emc_storage_monitoring_and_reportingdell:emc_vipr_srmdell:emc_vnx_monitoring_and_reporting
Schwachen (CWE)
CWE-22
Referenzen
http://seclists.org/fulldisclosure/2017/Sep/51(security_alert@emc.com)
http://www.securityfocus.com/bid/100957(security_alert@emc.com)
http://www.securitytracker.com/id/1039417(security_alert@emc.com)
http://www.securitytracker.com/id/1039418(security_alert@emc.com)
http://seclists.org/fulldisclosure/2017/Sep/51(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/100957(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039417(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039418(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.