CVE-2016-6645 — Improper Input Validation in Dell EMC Unisphere

CWE-20 — Improper Input Validation3 documents3 sources

Severity

8.8HIGHNVD

EPSS

1.3%

top 19.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC Unisphere EMC Solutions Enabler EMC Unisphere

Timeline

PublishedOct 5

Latest updateMay 13

Description

The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDemc/solutions_enabler5 versions+4

▶NVDemc/unisphere8.0.3

▶NVDdell/emc_unisphere4 versions+3

🔴Vulnerability Details

GHSA

GHSA-x7m5-r44w-528r: The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8↗2022-05-13

▶

CVEList

CVE-2016-6645: The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8↗2016-10-05

▶