CVE-2017-8007
HIGHEMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) Path Traversal via Webservice Gateway
Title source: llmDescription
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100957
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039418
Mailing List, Third Party Advisory x_refsource_confirm
http://seclists.org/fulldisclosure/2017/Sep/51
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039417
Scores
CVSS v3
8.8
EPSS
0.0164
EPSS Percentile
82.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (5)
dell/emc_m\&r
dell/emc_storage_monitoring_and_reporting
dell/emc_vipr_srm
< 4.0.2
dell/emc_vnx_monitoring_and_reporting
n/a/EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs
EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs
Published
Sep 22, 2017
Tracked Since
Feb 18, 2026