Lucene search

[email protected]NVD:CVE-2017-10949

HistoryAug 04, 2017 - 3:29 p.m.

CVE-2017-10949

2017-08-0415:29:00

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.08

Percentile

94.3%

JSON

Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn’t properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.

Affected configurations

Nvd

Node

dellstorage_manager_2016Matchr2.1

VendorProductVersionCPE
dellstorage_manager_2016r2.1cpe:2.3:a:dell:storage_manager_2016:r2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	storage_manager_2016	r2.1	cpe:2.3:a:dell:storage_manager_2016:r2.1:::::::*

References

topics-cdn.dell.com/pdf/dell-compellent-sc8000_release%20notes24_en-us.pdf

www.securityfocus.com/bid/100138

www.zerodayinitiative.com/advisories/ZDI-17-523

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.08

Percentile

94.3%

JSON

Related for NVD:CVE-2017-10949

prion1 checkpoint_advisories1 cvelist1 cve1 zdi1