CVE-2016-6646 — Improper Input Validation in Dell EMC Unisphere

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

3.9%

top 11.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC Unisphere EMC Solutions Enabler EMC Unisphere

Timeline

PublishedOct 5

Latest updateMay 13

Description

The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDemc/solutions_enabler5 versions+4

▶NVDemc/unisphere8.0.3

▶NVDdell/emc_unisphere4 versions+3

🔴Vulnerability Details

GHSA

GHSA-v9f4-qj25-m829: The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8↗2022-05-13

▶

CVEList

CVE-2016-6646: The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8↗2016-10-05

▶