Vulnerability Details : CVE-2017-8007
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
Vulnerability category: Directory traversal
Products affected by CVE-2017-8007
- cpe:2.3:a:dell:emc_vipr_srm:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_storage_monitoring_and_reporting:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_m\&r:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8007
- 0.27%: Probability of exploitation activity in the next 30 days
- ~68%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8007
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2017-8007
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8007
- http://www.securitytracker.com/id/1039418
  EMC M&R Watch4net for SAS Solution Packs WebService Gateway Directory Traversal Flaw Lets Remote Authenticated Users Access and Modify Data and JMX Protocol Flaw Lets Remote Users Deny Service - Secur
  Third Party Advisory; VDB Entry
- http://seclists.org/fulldisclosure/2017/Sep/51
  Full Disclosure: ESA-2017-081: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Multiple Vulnerabilities
  Mailing List; Third Party Advisory
- http://www.securitytracker.com/id/1039417
  EMC ViPR SRM WebService Gateway Directory Traversal Flaw Lets Remote Authenticated Users Access and Modify Data and JMX Protocol Flaw Lets Remote Users Deny Service - SecurityTracker
  Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/100957
  Multiple EMC Products CVE-2017-8007 Directory Traversal Vulnerability
  Third Party Advisory; VDB Entry