CVE-2017-8012
published 2017-09-22CVE-2017-8012: In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between…
PriorityP343high7.4CVSS 3.1
AVNACHPRNUINSUCNIHAH
EPSS
1.92%
77.4th percentile
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | zookeeper | >= 0 < 3.4.5+dfsg-1ubuntu0.1~esm1 | 3.4.5+dfsg-1ubuntu0.1~esm1 |
| apache | zookeeper | >= 0 < 3.4.8-1ubuntu0.1~esm1 | 3.4.8-1ubuntu0.1~esm1 |
| dell | emc_vipr_srm | <= 4.0.2 | — |
CVSS provenance
nvdv3.17.4HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:P
osv8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rg2r-4fr3-6jvr: In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate b
ghsa_unreviewed·2022-05-13
CVE-2017-8012 [HIGH] GHSA-rg2r-4fr3-6jvr: In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate b
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.
OSV
zookeeper vulnerabilities
osv·2021-03-15·CVSS 8.1
CVE-2016-5017 zookeeper vulnerabilities
zookeeper vulnerabilities
It was discovered that Apache ZooKeeper incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service or
other unspecified impact. (CVE-2016-5017)
It was discovered that Apache ZooKeeper incorrectly implemented "wchp/wchc"
commands. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-5637)
It was discovered that Apache Zookeeper incorrectly handled clusters. An
attacker could possibly use this issue to obtain sensitive information.
This issue only affected Ubuntu 16.04 ESM. (CVE-2018-8012)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2017/Sep/51http://www.securityfocus.com/bid/100982http://www.securitytracker.com/id/1039417http://www.securitytracker.com/id/1039418http://seclists.org/fulldisclosure/2017/Sep/51http://www.securityfocus.com/bid/100982http://www.securitytracker.com/id/1039417http://www.securitytracker.com/id/1039418
2017-09-22
Published