cbcvebase.
CVE-2017-8012
published 2017-09-22

CVE-2017-8012: In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between…

PriorityP343high7.4CVSS 3.1
AVNACHPRNUINSUCNIHAH
EPSS
1.92%
77.4th percentile
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.

Affected

3 ranges
VendorProductVersion rangeFixed in
apachezookeeper>= 0 < 3.4.5+dfsg-1ubuntu0.1~esm13.4.5+dfsg-1ubuntu0.1~esm1
apachezookeeper>= 0 < 3.4.8-1ubuntu0.1~esm13.4.8-1ubuntu0.1~esm1
dellemc_vipr_srm<= 4.0.2

CVSS provenance

nvdv3.17.4HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:P
osv8.1HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.