var-201709-1103
Vulnerability from variot
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within Scheduler.class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. EMCViPRSRM and other products are products of American company. EMCViPRSRM is a set of storage resource management software. StorageM&R is a data storage collector. WebserviceGateway is one of the gateways. A remote attacker could use the vulnerability to access information, change or delete data by sending a request with a directory traversal sequence of \342\200\230../\342\200\231. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
ESA-2017-081: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Multiple Vulnerabilities
EMC Identifier: ESA-2017-081
CVE Identifier: CVE-2017-8007, CVE-2017-8012
Severity Rating: CVSS Base Score: See below for individual scores.
CVSSv3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
- JMX Denial of Service Vulnerability (CVE-2017-8012) The Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components in these products can be leveraged to create a denial of service (DoS) condition. Please see ESA-2017-089 for more details on how to change the credentials.
- Customers are strongly advised to review product documentation and use firewall controls to limit access to WebService Gateway and all other internal ports only to those servers that require access to them. o For vApp installations, please review Knowledge Base article 503844 (https://support.emc.com/kb/503844) for guidance on making firewall changes within the vApp.
Mitigation information for CVE-2017-8012 for all customers: * Change any default JMX agent credentials. Please see ESA-2017-089 for more details on how to change the credentials. * Review product documentation and use firewall controls to limit access to the JMX ports and all other internal ports only to those servers that require access to them. o For vApp installations, please review Knowledge Base article 503844 (https://support.emc.com/kb/503844) for guidance on making firewall changes within the vApp. * Future releases will contain further measures to remove or harden communication via the JMX protocol. EMC VNX M&R customers must migrate to EMC Storage M&R version 4.1 or later to receive future security fixes.
Link to remedies:
-
For EMC ViPR SRM and EMC Storage M&R, registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/34247_ViPR-SRM.
-
For EMC M&R (Watch4Net) for SAS Solution Packs, registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/6175_Smarts-Service-Assurance-Manager
-
For VNX M&R, registered EMC Online Support customers can follow the mitigation steps described above.
Credits: EMC would like to thank rgod working with Trend Micro's Zero Day Initiative for reporting these vulnerabilities.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQEcBAEBCAAGBQJZwl9WAAoJEHbcu+fsE81ZLegH+wU8RTmKZt33ThZsOJcGekEJ CuD+v/JawNGDxK6nheFPreMa/IQRTTskGeVmbqypcV6Gh5pfx711OYzMnXBsufqH LNNywQ6q1hsM5LPYkZ1hu9bHcotM5Uvd80Lpsld1xU3TGbU+ruULPK2WY1QHcIyL IvU43HW803SCTS5lNaL+OKX3Coa+UUW1t7psJ0mVdCC3U19Qh+RrZPSnyHBThe5Z Btho0WoKauY+jqO6RxML+BT8D02Dn/+kjnlWyaca0QTXu8k0oEBqLI+vnO+KJCKY HxkxI1uvWsWy+z7x3MdsatFCl9ksMpXsWBoPR4EgZGbebDX38R9+ww/ryWQDPQ8= =jk2j -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emc vnx monitoring and reporting",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "*"
},
{
"_id": null,
"model": "emc vipr srm",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "4.0.2"
},
{
"_id": null,
"model": "emc m\\\u0026r",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "*"
},
{
"_id": null,
"model": "emc storage monitoring and reporting",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "*"
},
{
"_id": null,
"model": "m\u0026r",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "(watch4net) for sas solution packs"
},
{
"_id": null,
"model": "storage m\u0026r",
"scope": null,
"trust": 0.8,
"vendor": "dell emc old emc",
"version": null
},
{
"_id": null,
"model": "vnx m\u0026r",
"scope": null,
"trust": 0.8,
"vendor": "dell emc old emc",
"version": null
},
{
"_id": null,
"model": "vipr srm",
"scope": null,
"trust": 0.8,
"vendor": "dell emc old emc",
"version": null
},
{
"_id": null,
"model": "vnx monitoring and reporting",
"scope": null,
"trust": 0.7,
"vendor": "dell emc",
"version": null
},
{
"_id": null,
"model": "vipr srm",
"scope": null,
"trust": 0.6,
"vendor": "emc",
"version": null
},
{
"_id": null,
"model": "m\u0026r for sas solution packs",
"scope": null,
"trust": 0.6,
"vendor": "emc",
"version": null
},
{
"_id": null,
"model": "storage m\u0026r",
"scope": null,
"trust": 0.6,
"vendor": "emc",
"version": null
},
{
"_id": null,
"model": "vnx m\u0026r",
"scope": null,
"trust": 0.6,
"vendor": "emc",
"version": null
},
{
"_id": null,
"model": "storage m\\\u0026r",
"scope": null,
"trust": 0.6,
"vendor": "emc",
"version": null
},
{
"_id": null,
"model": "vnx m\\\u0026r",
"scope": null,
"trust": 0.6,
"vendor": "emc",
"version": null
},
{
"_id": null,
"model": "vipr srm",
"scope": "eq",
"trust": 0.6,
"vendor": "emc",
"version": "4.0.2"
},
{
"_id": null,
"model": "m\\\u0026r",
"scope": null,
"trust": 0.6,
"vendor": "emc",
"version": null
},
{
"_id": null,
"model": "vipr srm",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.6.3"
},
{
"_id": null,
"model": "vipr srm",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.6.4"
},
{
"_id": null,
"model": "vipr srm",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.6.1"
},
{
"_id": null,
"model": "vipr srm",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.7.2"
},
{
"_id": null,
"model": "vipr srm",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.6.0"
},
{
"_id": null,
"model": "vipr srm",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.7.1"
},
{
"_id": null,
"model": "vipr srm",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.6.2"
},
{
"_id": null,
"model": "vipr srm",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.7"
},
{
"_id": null,
"model": "vipr srm",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "4.1"
},
{
"_id": null,
"model": "storage m\u0026r",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "0"
},
{
"_id": null,
"model": "m\u0026r for sas solution packs",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "0"
},
{
"_id": null,
"model": "vnx m\u0026r",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "0"
},
{
"_id": null,
"model": "storage m\u0026r",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "4.1"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-827"
},
{
"db": "CNVD",
"id": "CNVD-2017-35396"
},
{
"db": "BID",
"id": "100957"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008470"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1083"
},
{
"db": "NVD",
"id": "CVE-2017-8007"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emc:m%26r",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emc:storage_m%26r",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emc:vnx_m%26r",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emc:vipr_srm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008470"
}
]
},
"credits": {
"_id": null,
"data": "rgod working with Trend Micro\u0027s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "100957"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1083"
}
],
"trust": 0.9
},
"cve": "CVE-2017-8007",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-8007",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-8007",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-35396",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-8007",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-8007",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8007",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-8007",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2017-8007",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-35396",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1083",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-827"
},
{
"db": "CNVD",
"id": "CNVD-2017-35396"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008470"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1083"
},
{
"db": "NVD",
"id": "CVE-2017-8007"
}
]
},
"description": {
"_id": null,
"data": "In EMC ViPR SRM, Storage M\u0026R, VNX M\u0026R, and M\u0026R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within Scheduler.class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. EMCViPRSRM and other products are products of American company. EMCViPRSRM is a set of storage resource management software. StorageM\u0026R is a data storage collector. WebserviceGateway is one of the gateways. A remote attacker could use the vulnerability to access information, change or delete data by sending a request with a directory traversal sequence of \\342\\200\\230../\\342\\200\\231. \nRemote attackers can use specially crafted requests with directory-traversal sequences (\u0027../\u0027) to read arbitrary files in the context of the application. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nESA-2017-081: EMC ViPR SRM, EMC Storage M\u0026R, EMC VNX M\u0026R, EMC M\u0026R (Watch4Net) for SAS Solution Packs Multiple Vulnerabilities \n\nEMC Identifier: ESA-2017-081\nCVE Identifier: CVE-2017-8007, CVE-2017-8012\t\nSeverity Rating: CVSS Base Score: See below for individual scores. \n\nCVSSv3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n*\tJMX Denial of Service Vulnerability (CVE-2017-8012)\nThe Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components in these products can be leveraged to create a denial of service (DoS) condition. Please see ESA-2017-089 for more details on how to change the credentials. \n*\tCustomers are strongly advised to review product documentation and use firewall controls to limit access to WebService Gateway and all other internal ports only to those servers that require access to them. \no\tFor vApp installations, please review Knowledge Base article 503844 (https://support.emc.com/kb/503844) for guidance on making firewall changes within the vApp. \n\nMitigation information for CVE-2017-8012 for all customers:\n*\tChange any default JMX agent credentials. Please see ESA-2017-089 for more details on how to change the credentials. \n*\tReview product documentation and use firewall controls to limit access to the JMX ports and all other internal ports only to those servers that require access to them. \no\tFor vApp installations, please review Knowledge Base article 503844 (https://support.emc.com/kb/503844) for guidance on making firewall changes within the vApp. \n*\tFuture releases will contain further measures to remove or harden communication via the JMX protocol. EMC VNX M\u0026R customers must migrate to EMC Storage M\u0026R version 4.1 or later to receive future security fixes. \n\nLink to remedies:\n\n*\tFor EMC ViPR SRM and EMC Storage M\u0026R, registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/34247_ViPR-SRM. \n\n*\tFor EMC M\u0026R (Watch4Net) for SAS Solution Packs, registered EMC Online Support customers can download patches and software from support.emc.com at:\nhttps://support.emc.com/downloads/6175_Smarts-Service-Assurance-Manager\n\n*\tFor VNX M\u0026R, registered EMC Online Support customers can follow the mitigation steps described above. \n\n\nCredits: \nEMC would like to thank rgod working with Trend Micro\u0027s Zero Day Initiative for reporting these vulnerabilities. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2\n\niQEcBAEBCAAGBQJZwl9WAAoJEHbcu+fsE81ZLegH+wU8RTmKZt33ThZsOJcGekEJ\nCuD+v/JawNGDxK6nheFPreMa/IQRTTskGeVmbqypcV6Gh5pfx711OYzMnXBsufqH\nLNNywQ6q1hsM5LPYkZ1hu9bHcotM5Uvd80Lpsld1xU3TGbU+ruULPK2WY1QHcIyL\nIvU43HW803SCTS5lNaL+OKX3Coa+UUW1t7psJ0mVdCC3U19Qh+RrZPSnyHBThe5Z\nBtho0WoKauY+jqO6RxML+BT8D02Dn/+kjnlWyaca0QTXu8k0oEBqLI+vnO+KJCKY\nHxkxI1uvWsWy+z7x3MdsatFCl9ksMpXsWBoPR4EgZGbebDX38R9+ww/ryWQDPQ8=\n=jk2j\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8007"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008470"
},
{
"db": "ZDI",
"id": "ZDI-17-827"
},
{
"db": "CNVD",
"id": "CNVD-2017-35396"
},
{
"db": "BID",
"id": "100957"
},
{
"db": "PACKETSTORM",
"id": "144273"
}
],
"trust": 3.15
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-8007",
"trust": 4.1
},
{
"db": "BID",
"id": "100957",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1039417",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1039418",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-17-827",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008470",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4754",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-35396",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1083",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "144273",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-827"
},
{
"db": "CNVD",
"id": "CNVD-2017-35396"
},
{
"db": "BID",
"id": "100957"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008470"
},
{
"db": "PACKETSTORM",
"id": "144273"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1083"
},
{
"db": "NVD",
"id": "CVE-2017-8007"
}
]
},
"id": "VAR-201709-1103",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35396"
}
],
"trust": 0.9749999933333333
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35396"
}
]
},
"last_update_date": "2024-11-23T22:12:50.698000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://japan.emc.com/about/index.htm"
},
{
"title": "Dell EMC has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"title": "Patches for a variety of EMC product WebserviceGateway directory traversal vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/106849"
},
{
"title": "Multiple EMC product Webservice Gateway Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75071"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-827"
},
{
"db": "CNVD",
"id": "CNVD-2017-35396"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008470"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1083"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008470"
},
{
"db": "NVD",
"id": "CVE-2017-8007"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.0,
"url": "http://seclists.org/fulldisclosure/2017/sep/51"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/100957"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1039418"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1039417"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8007"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8007"
},
{
"trust": 0.3,
"url": "http://www.emc.com/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-827/"
},
{
"trust": 0.1,
"url": "https://support.emc.com/downloads/6175_smarts-service-assurance-manager"
},
{
"trust": 0.1,
"url": "https://support.emc.com/kb/503844)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8012"
},
{
"trust": 0.1,
"url": "https://support.emc.com/downloads/34247_vipr-srm."
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-827"
},
{
"db": "CNVD",
"id": "CNVD-2017-35396"
},
{
"db": "BID",
"id": "100957"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008470"
},
{
"db": "PACKETSTORM",
"id": "144273"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1083"
},
{
"db": "NVD",
"id": "CVE-2017-8007"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-17-827",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-35396",
"ident": null
},
{
"db": "BID",
"id": "100957",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008470",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144273",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1083",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-8007",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-09-26T00:00:00",
"db": "ZDI",
"id": "ZDI-17-827",
"ident": null
},
{
"date": "2017-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35396",
"ident": null
},
{
"date": "2017-09-20T00:00:00",
"db": "BID",
"id": "100957",
"ident": null
},
{
"date": "2017-10-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008470",
"ident": null
},
{
"date": "2017-09-20T22:33:33",
"db": "PACKETSTORM",
"id": "144273",
"ident": null
},
{
"date": "2017-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1083",
"ident": null
},
{
"date": "2017-09-22T01:29:25.467000",
"db": "NVD",
"id": "CVE-2017-8007",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-09-26T00:00:00",
"db": "ZDI",
"id": "ZDI-17-827",
"ident": null
},
{
"date": "2017-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35396",
"ident": null
},
{
"date": "2017-10-03T13:01:00",
"db": "BID",
"id": "100957",
"ident": null
},
{
"date": "2017-10-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008470",
"ident": null
},
{
"date": "2021-09-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1083",
"ident": null
},
{
"date": "2024-11-21T03:33:09.033000",
"db": "NVD",
"id": "CVE-2017-8007",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1083"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural EMC Product vulnerable to path traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008470"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1083"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…