Directory traversal in Dell products - CVE-2017-8007
Published: September 22, 2017
Vulnerability identifier: #VU8570
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8007
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
Storage M&R
VNX M&R
EMC M&R (Watch4Net)
EMC ViPR SRM
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to access information on the target system.
The weakness exists due to directory traversal in Webservice Gateway. A remote attacker with knowledge of Webservice Gateway credentials can supply specially crafted strings in input parameters of the web service call to access, modify or delete data.
How to mitigate CVE-2017-8007
Update the software to version 4.1.
Install the 6.7.x fix for EMC M&R Watch4net for SAS Solution Packs.