Description
EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038905
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99555
Mailing List, Third Party Advisory x_refsource_confirm
http://seclists.org/fulldisclosure/2017/Jul/21
Scores
CVSS v3
9.8
EPSS
0.1565
EPSS Percentile
94.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (5)
dell/emc_m\&r
dell/emc_storage_monitoring_and_reporting
4.0.2
dell/emc_vipr_srm
< 4.0.2
dell/emc_vnx_monitoring_and_reporting
n/a/EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net)
EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net)
Published
Jul 17, 2017
Tracked Since
Feb 18, 2026