CVE-2017-10949
HIGH
Dell Storage Manager 2016 R2.1 - Path Traversal in EmWebsiteServlet doGet Method
Title source: llm
Description
Directory traversal in Dell Storage Manager 2016 R2.1 allows information disclosure because the doGet method of the EmWebsiteServlet class does not properly validate a user-provided path before using it in file operations. Formerly tracked as ZDI-CAN-4459.
References (3)
Release Notes, Vendor Advisory x_refsource_misc
http://topics-cdn.dell.com/pdf/dell-compellent-sc8000_release%20notes24_en-us.pdf
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-523
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100138
Scores
CVSS v3: 7.5
EPSS: 0.1801
EPSS Percentile: 95.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-22
Status: published
Products (2)
dell/storage_manager_2016 r2.1
Zero Day Initiative/Dell Storage Manager 2016 R2.1
Published: Aug 04, 2017
Tracked Since: Feb 18, 2026