← Back to CVEs
CVE-2017-8007
HIGH8.8
Description
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published9/22/2017
Last Modified4/20/2025
Sourcenvd
Honeypot Sightings0
Affected Products
dell:emc_m\&rdell:emc_storage_monitoring_and_reportingdell:emc_vipr_srmdell:emc_vnx_monitoring_and_reporting
Weaknesses (CWE)
CWE-22
References
http://seclists.org/fulldisclosure/2017/Sep/51(security_alert@emc.com)
http://www.securityfocus.com/bid/100957(security_alert@emc.com)
http://www.securitytracker.com/id/1039417(security_alert@emc.com)
http://www.securitytracker.com/id/1039418(security_alert@emc.com)
http://seclists.org/fulldisclosure/2017/Sep/51(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/100957(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039417(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039418(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.