Vulnerability Description
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc M\&R | All versions |
| Dell | Emc Storage Monitoring And Reporting | All versions |
| Dell | Emc Vipr Srm | <= 4.0.2 |
| Dell | Emc Vnx Monitoring And Reporting | All versions |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2017/Sep/51Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/100957Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039417Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039418Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2017/Sep/51Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/100957Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039417Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039418Third Party AdvisoryVDB Entry
FAQ
What is CVE-2017-8007?
CVE-2017-8007 is a vulnerability with a CVSS score of 8.8 (HIGH). In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gat...
How severe is CVE-2017-8007?
CVE-2017-8007 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8007?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc M\&R, Dell Emc Storage Monitoring And Reporting, Dell Emc Vipr Srm, Dell Emc Vnx Monitoring And Reporting.