CVE-2017-8007

Description

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.

References

Link	Tags
http://www.securityfocus.com/bid/100957	vdb entry third party advisory
http://www.securitytracker.com/id/1039418	vdb entry third party advisory
http://seclists.org/fulldisclosure/2017/Sep/51	third party advisory mailing list
http://www.securitytracker.com/id/1039417	vdb entry third party advisory

Frequently Asked Questions

What is the severity of CVE-2017-8007?: CVE-2017-8007 has been scored as a high severity vulnerability.
How to fix CVE-2017-8007?: To fix CVE-2017-8007, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2017-8007 being actively exploited in the wild?: It is possible that CVE-2017-8007 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2017-8007?: CVE-2017-8007 affects n/a EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs.

Description

Category

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions