CVE-2017-8007 — Path Traversal in Dell EMC Vipr SRM

CWE-22 — Path Traversal4 documents4 sources

Severity

8.8HIGHNVD

EPSS

1.6%

top 18.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC Vipr SRM

Timeline

PublishedSep 22

Latest updateMay 13

Description

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDdell/emc_vipr_srm4.0.2

🔴Vulnerability Details

GHSA

GHSA-xvr5-pqwf-8crh: In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnera↗2022-05-13

▶

CVEList

CVE-2017-8007: In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnera↗2017-09-22

▶

💬Community

Bugzilla

CVE-2018-11769 couchdb: Possible privilege escalation by couchdb administrator to system couchdb user↗2018-12-18

▶