CVE-2017-8007

high

Description

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.

References

http://www.securitytracker.com/id/1039418

http://www.securitytracker.com/id/1039417

http://www.securityfocus.com/bid/100957

http://seclists.org/fulldisclosure/2017/Sep/51

Details

Source: Mitre, NVD

Published: 2017-09-22

Updated: 2021-09-13

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High