Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for emc_m\&r by dell

    CVE-2017-8012 (GCVE-0-2017-8012)

    Vulnerability from nvd – Published: 2017-09-22 01:00 – Updated: 2024-08-05 16:19
    VLAI
    Summary
    In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1039418 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/100982 vdb-entryx_refsource_BID
    http://seclists.org/fulldisclosure/2017/Sep/51 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039417 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    n/a EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Affected: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs
    Date Public
    2017-09-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039418",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039418"
              },
              {
                "name": "100982",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100982"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Sep/51"
              },
              {
                "name": "1039417",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039417"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs"
                }
              ]
            }
          ],
          "datePublic": "2017-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-26T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "1039418",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039418"
            },
            {
              "name": "100982",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100982"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Sep/51"
            },
            {
              "name": "1039417",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039417"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-8012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039418",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039418"
                },
                {
                  "name": "100982",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100982"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Sep/51",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Sep/51"
                },
                {
                  "name": "1039417",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039417"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-8012",
        "datePublished": "2017-09-22T01:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8007 (GCVE-0-2017-8007)

    Vulnerability from nvd – Published: 2017-09-22 01:00 – Updated: 2024-08-05 16:19
    VLAI
    Summary
    In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
    Severity
    No CVSS data available.
    CWE
    • Directory Traversal
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100957 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039418 vdb-entryx_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Sep/51 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039417 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    n/a EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Affected: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs
    Date Public
    2017-09-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100957",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100957"
              },
              {
                "name": "1039418",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039418"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Sep/51"
              },
              {
                "name": "1039417",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039417"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs"
                }
              ]
            }
          ],
          "datePublic": "2017-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-23T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "100957",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100957"
            },
            {
              "name": "1039418",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039418"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Sep/51"
            },
            {
              "name": "1039417",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039417"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-8007",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100957",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100957"
                },
                {
                  "name": "1039418",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039418"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Sep/51",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Sep/51"
                },
                {
                  "name": "1039417",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039417"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-8007",
        "datePublished": "2017-09-22T01:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8011 (GCVE-0-2017-8011)

    Vulnerability from nvd – Published: 2017-07-17 14:00 – Updated: 2024-08-05 16:19
    VLAI
    Summary
    EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.
    Severity
    No CVSS data available.
    CWE
    • undocumented accounts vulnerability
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038905 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/99555 vdb-entryx_refsource_BID
    http://seclists.org/fulldisclosure/2017/Jul/21 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) Affected: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net)
    Date Public
    2017-07-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.762Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038905",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038905"
              },
              {
                "name": "99555",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99555"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Jul/21"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net)"
                }
              ]
            }
          ],
          "datePublic": "2017-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M\u0026R prior to 4.1, EMC VNX M\u0026R all versions, EMC M\u0026R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "undocumented accounts vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-18T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "1038905",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038905"
            },
            {
              "name": "99555",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99555"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Jul/21"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-8011",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M\u0026R prior to 4.1, EMC VNX M\u0026R all versions, EMC M\u0026R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "undocumented accounts vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038905",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038905"
                },
                {
                  "name": "99555",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99555"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Jul/21",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Jul/21"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-8011",
        "datePublished": "2017-07-17T14:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8007 (GCVE-0-2017-8007)

    Vulnerability from cvelistv5 – Published: 2017-09-22 01:00 – Updated: 2024-08-05 16:19
    VLAI
    Summary
    In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
    Severity
    No CVSS data available.
    CWE
    • Directory Traversal
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100957 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039418 vdb-entryx_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2017/Sep/51 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039417 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    n/a EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Affected: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs
    Date Public
    2017-09-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100957",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100957"
              },
              {
                "name": "1039418",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039418"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Sep/51"
              },
              {
                "name": "1039417",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039417"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs"
                }
              ]
            }
          ],
          "datePublic": "2017-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-23T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "100957",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100957"
            },
            {
              "name": "1039418",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039418"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Sep/51"
            },
            {
              "name": "1039417",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039417"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-8007",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100957",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100957"
                },
                {
                  "name": "1039418",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039418"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Sep/51",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Sep/51"
                },
                {
                  "name": "1039417",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039417"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-8007",
        "datePublished": "2017-09-22T01:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8012 (GCVE-0-2017-8012)

    Vulnerability from cvelistv5 – Published: 2017-09-22 01:00 – Updated: 2024-08-05 16:19
    VLAI
    Summary
    In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1039418 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/100982 vdb-entryx_refsource_BID
    http://seclists.org/fulldisclosure/2017/Sep/51 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039417 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    n/a EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Affected: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs
    Date Public
    2017-09-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039418",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039418"
              },
              {
                "name": "100982",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100982"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Sep/51"
              },
              {
                "name": "1039417",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039417"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs"
                }
              ]
            }
          ],
          "datePublic": "2017-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-26T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "1039418",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039418"
            },
            {
              "name": "100982",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100982"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Sep/51"
            },
            {
              "name": "1039417",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039417"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-8012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039418",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039418"
                },
                {
                  "name": "100982",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100982"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Sep/51",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Sep/51"
                },
                {
                  "name": "1039417",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039417"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-8012",
        "datePublished": "2017-09-22T01:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8011 (GCVE-0-2017-8011)

    Vulnerability from cvelistv5 – Published: 2017-07-17 14:00 – Updated: 2024-08-05 16:19
    VLAI
    Summary
    EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.
    Severity
    No CVSS data available.
    CWE
    • undocumented accounts vulnerability
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038905 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/99555 vdb-entryx_refsource_BID
    http://seclists.org/fulldisclosure/2017/Jul/21 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) Affected: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net)
    Date Public
    2017-07-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.762Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038905",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038905"
              },
              {
                "name": "99555",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99555"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Jul/21"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net)"
                }
              ]
            }
          ],
          "datePublic": "2017-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M\u0026R prior to 4.1, EMC VNX M\u0026R all versions, EMC M\u0026R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "undocumented accounts vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-18T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "1038905",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038905"
            },
            {
              "name": "99555",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99555"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Jul/21"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2017-8011",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M\u0026R prior to 4.1, EMC VNX M\u0026R all versions, EMC M\u0026R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "undocumented accounts vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038905",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038905"
                },
                {
                  "name": "99555",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99555"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Jul/21",
                  "refsource": "CONFIRM",
                  "url": "http://seclists.org/fulldisclosure/2017/Jul/21"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2017-8011",
        "datePublished": "2017-07-17T14:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }