SQL injection in EMC Data Protection Advisor - CVE-2017-8002
Published: July 10, 2017 / Updated: August 30, 2017
Vulnerability identifier: #VU7387
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8002
CWE-ID: CWE-89
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC Data Protection Advisor
EMC Data Protection Advisor
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to execute SQL commands on the target system.
The weakness exists within the EMC DPA Application service, which listens on TCP port 9002 by default due to improper input validation. A remote attacker can supply a specially crafted parameter value to execute SQL commands on the underlying database and obtain information about the application.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists within the EMC DPA Application service, which listens on TCP port 9002 by default due to improper input validation. A remote attacker can supply a specially crafted parameter value to execute SQL commands on the underlying database and obtain information about the application.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-8002
Update to version 6.4.