CVE-2017-10949

high

Description

Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.

References

Advisories
More

http://www.zerodayinitiative.com/advisories/ZDI-17-523

http://www.securityfocus.com/bid/100138

http://topics-cdn.dell.com/pdf/dell-compellent-sc8000_release%20notes24_en-us.pdf

Details

Source: Mitre, NVD

Published: 2017-08-04

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.054

Detections

Analytics