CVE-2017-8007

moderate-risk

Published 2017-09-22

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.

Do I need to act?

1.6% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (4)

Emc M\&R

Emc Storage Monitoring And Reporting

Emc Vnx Monitoring And Reporting

Emc Vipr Srm

Affected Vendors

Dell

References (8)

Mailing List http://seclists.org/fulldisclosure/2017/Sep/51

Third Party Advisory http://www.securityfocus.com/bid/100957

Third Party Advisory http://www.securitytracker.com/id/1039417

Third Party Advisory http://www.securitytracker.com/id/1039418

Mailing List http://seclists.org/fulldisclosure/2017/Sep/51

Third Party Advisory http://www.securityfocus.com/bid/100957

Third Party Advisory http://www.securitytracker.com/id/1039417

Third Party Advisory http://www.securitytracker.com/id/1039418

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 4/34 · Minimal

Exposure 10/34 · Low