Path traversal in EMC Data Protection Advisor - CVE-2017-8003
Published: July 10, 2017
Vulnerability identifier: #VU7388
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8003
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC Data Protection Advisor
EMC Data Protection Advisor
Detailed vulnerability description
The vulnerability allows a remote authenticated high privileged attacker to obtain potentially sensitive information.
The weakness exists due to improper input validation. A remote attacker can supply specially crafted stings in input parameters, trigger path traversal and read important information on the underlying operating system.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists due to improper input validation. A remote attacker can supply specially crafted stings in input parameters, trigger path traversal and read important information on the underlying operating system.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-8003
Update to version 6.4.