CVE-2017-8003

EPSS 0.69%
Published 09.07.2017 20:29:00
Last modified 20.04.2025 01:37:25
Source security_alert@emc.com
Teams watchlist Login
Open Login

EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Emc ≫ Data Protection Advisor Version <= 6.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.69%	0.695

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:C/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://seclists.org/fulldisclosure/2017/Jul/12

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/99487

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038841

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-8003

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8003

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8003

EUVD