CVE-2017-8007 - OpenCVE

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Emc M\&r Emc Storage Monitoring And Reporting Emc Vipr Srm Emc Vnx Monitoring And Reporting

Configuration 1 [-]

OR	cpe:2.3:a:dell:emc_m\&r::::::::
	cpe:2.3:a:dell:emc_storage_monitoring_and_reporting::::::::
	cpe:2.3:a:dell:emc_vipr_srm::::::::
	cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2017/Sep/51
http://www.securityfocus.com/bid/100957
http://www.securitytracker.com/id/1039417
http://www.securitytracker.com/id/1039418

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-09-22T01:00:00

Updated: 2024-08-05T16:19:29.489Z

Reserved: 2017-04-21T00:00:00

Link: CVE-2017-8007

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-09-22T01:29:25.467

Modified: 2021-09-13T12:07:16.703

Link: CVE-2017-8007

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs", "vendor": "n/a", "versions": [{"status": "affected", "version": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs"}]}], "datePublic": "2017-09-21T00:00:00", "descriptions": [{"lang": "en", "value": "In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call."}], "problemTypes": [{"descriptions": [{"description": "Directory Traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-23T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "100957", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100957"}, {"name": "1039418", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039418"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://seclists.org/fulldisclosure/2017/Sep/51"}, {"name": "1039417", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039417"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-8007", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs", "version": {"version_data": [{"version_value": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Directory Traversal"}]}]}, "references": {"reference_data": [{"name": "100957", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100957"}, {"name": "1039418", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039418"}, {"name": "http://seclists.org/fulldisclosure/2017/Sep/51", "refsource": "CONFIRM", "url": "http://seclists.org/fulldisclosure/2017/Sep/51"}, {"name": "1039417", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039417"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:19:29.489Z"}, "title": "CVE Program Container", "references": [{"name": "100957", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100957"}, {"name": "1039418", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039418"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2017/Sep/51"}, {"name": "1039417", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039417"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-8007", "datePublished": "2017-09-22T01:00:00", "dateReserved": "2017-04-21T00:00:00", "dateUpdated": "2024-08-05T16:19:29.489Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_m\\&r:*:*:*:*:*:*:*:*", "matchCriteriaId": "4257D51A-8593-43F5-9C39-1D0BA9DD2C0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_storage_monitoring_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "B368A32D-4310-476A-A012-67D9A77D4EC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_vipr_srm:*:*:*:*:*:*:*:*", "matchCriteriaId": "15CDF8E3-4681-48E5-A0D3-CF40E301D23C", "versionEndIncluding": "4.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7DC88D9-BBC4-47B7-83D4-6958FDD6FF55", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call."}, {"lang": "es", "value": "En EMC ViPR SRM, Storage MR, VNX MR y MR (Watch4Net) para SAS Solution Packs, la puerta de enlace del servicio web se ha visto afectado por una vulnerabilidad de salto de directorio. Los atacantes que conozcan las credenciales de la puerta de enlace del servicio web podr\u00edan explotar esta vulnerabilidad para acceder a informaci\u00f3n no autorizada y modificar o borrar datos proporcionando strings especialmente manipuladas en par\u00e1metros de entrada de la llamada del servicio web."}], "id": "CVE-2017-8007", "lastModified": "2021-09-13T12:07:16.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-22T01:29:25.467", "references": [{"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Sep/51"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100957"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039417"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039418"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}