CVE-2017-8007
published 2017-09-22CVE-2017-8007: In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability…
PriorityP352high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
2.96%
85.5th percentile
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | emc_vipr_srm | <= 4.0.2 | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
http://seclists.org/fulldisclosure/2017/Sep/51http://www.securityfocus.com/bid/100957http://www.securitytracker.com/id/1039417http://www.securitytracker.com/id/1039418http://seclists.org/fulldisclosure/2017/Sep/51http://www.securityfocus.com/bid/100957http://www.securitytracker.com/id/1039417http://www.securitytracker.com/id/1039418
2017-09-22
Published