Path traversal in Dell EMC Data Protection Advisor
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-8211 |
| CWE-ID | CWE-22 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
EMC Data Protection Advisor Server applications / Other server solutions |
| Vendor | Dell |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Path traversal
EUVDB-ID: #VU39746
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-8211
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Data Protection Advisor: 6.1 - 6.2.3
CPE2.3- cpe:2.3:a:dell:emc_data_protection_advisor:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_data_protection_advisor:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_data_protection_advisor:6.2.1:*:*:*:*:*:*:*
https://www.securityfocus.com/archive/1/540067/30/0/threaded
https://www.securityfocus.com/bid/95833
https://www.securitytracker.com/id/1037729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
