Description
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029939
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57513
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66308
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/91987
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2014-03/0115.html
Scores
EPSS
0.0043
EPSS Percentile
63.0%
Details
CWE
CWE-264
Status
published
Products (1)
emc/connectrix_manager
< 12.1.2
Published
Mar 21, 2014
Tracked Since
Feb 18, 2026