what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

EMC Data Protection Advisor SQL Injection / Path Traversal

EMC Data Protection Advisor SQL Injection / Path Traversal
Posted Jul 7, 2017
Authored by rgod | Site emc.com

EMC Data Protection Advisor versions prior to 6.4 suffer from remote SQL injection and path traversal vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2017-8002, CVE-2017-8003
SHA-256 | 05cb312b3d51461c4a374866f6a1305114602a8066f88e5c75ce51159ee2643d

EMC Data Protection Advisor SQL Injection / Path Traversal

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


ESA-2017-075: EMC Data Protection Advisor Multiple Vulnerabilities

EMC Identifier ESA-2017-075

CVE Identifier CVE-2017-8002, CVE-2017-8003

Severity: Medium

Severity Rating: CVSS Base Score View details below for individual CVSS Score for each CVE

Affected products:
EMC Data Protection Advisor versions prior to 6.4

Summary:
A software update to EMC Data Protection Advisor contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.

Details
Multiple Blind SQL Injection Vulnerabilities (CVE-2017-8002)

EMC Data Protection Advisor contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands.

CVSSv3.0 Base Score 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)


Path Traversal Vulnerability (CVE-2017-8003)

EMC Data Protection Advisor contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.

CVSSv3.0 Base Score: 6.8 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)


Resolution:
The following EMC Data Protection Advisor release contains resolutions to these vulnerabilities:

EMC Data Protection Advisor version 6.4

EMC recommends all customers upgrade at the earliest opportunity.

Link To Remedies:
Registered EMC Online Support customers can download the required patch from support.emc.com at https://support.emc.com/downloads/829_Data-Protection-Advisor
If you have any questions, contact DELL EMC Support.


Credits:
DELL EMC would like to thank rgod working with Trend Micro's Zero Day Initiative for reporting these vulnerabilities.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZXkz+AAoJEHbcu+fsE81ZvNEH/0YKEHJ4qAoXc9ZrZOMvDbqE
Di79jtHeikuinWA+E6lyUd+0dblVwEdScEf4NHTBRtLLXxj53LAkey1CUt3hpNoG
oUWghsLKw/YUeXvjn2EDmv85OPKsxGOWNw0HedAt5MqSuJhkOroHTK13FwR+y9sE
XeClCnX86n89e6V0Ac4/ivBmBUUvSDcy5DBkrHBYIbArSjnYzeBFTiKN7YFQjIZz
LJ2nKiUNOeIgI/ziBz4zXoEJXSvP4g5vtwW3Za6NrFZLkIw5KTgLJdRRumh+fJ1N
bU3pa1b/DtxoIvsvUXZ+CBhtt1mEbkO9OyleJtJeIrGDf3E1D1L4lO+l8qWResw=
=D6YP
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close