9 matches found
CVE-2018-1206
Dell EMC Data Protection Advisor is affected by CVE-2018-1206 in versions prior to 6.3 Patch 159 and prior to 6.4 Patch 110, due to a hardcoded admin database account named apollosuperuser. A local attacker with server access and knowledge of this password could gain unauthorized access to the Da...
CVE-2017-10955
The CVE-2017-10955 issue affects EMC Data Protection Advisor 6.3.0, where the EMC DPA Application service listens on TCP port 9002. The root cause is improper validation of the user-supplied preScript parameter before it is used to execute a system call, enabling remote code execution. An attacke...
CVE-2017-8003
CVE-2017-8003 relates to EMC Data Protection Advisor prior to 6.4, which contains a path traversal vulnerability. A remote authenticated high-privilege user can supply specially crafted strings in input parameters of the application to access unauthorized information from the underlying OS server...
CVE-2017-8002
EMC Data Protection Advisor prior to 6.4 is affected by multiple blind SQL injection vulnerabilities (CVE-2017-8002). An authenticated remote attacker could exploit these to execute arbitrary SQL commands and disclose or manipulate data via the backend database. Affected component behavior is tied to...
CVE-2012-4616
CVE-2012-4616 affects EMC Data Protection Advisor (DPA) Web UI. A directory traversal vulnerability in the DPA Web UI enables remote attackers to copy/read arbitrary files from the server. Affected products/versions include DPA 5.6 (SP1), 5.7 (SP1), and 5.8 (SP1–SP4). The root cause is a Web UI d...
CVE-2011-1742
CVE-2011-1742 affects EMC Data Protection Advisor prior to 5.8.1, where cleartext account credentials may be written into the DPA configuration file, potentially readable by local users. The issue is documented across multiple sources (NVD entry; EMC advisories) and is limited to situations in wh...
CVE-2017-8013
CVE-2017-8013 affects EMC Data Protection Advisor 6.3.x (before patch 67) and 6.4.x (before patch 130). Root cause: undocumented accounts with hard-coded passwords (Apollo System Test, emc.dpa.agent.logon, emc.dpa.metrics.logon) enabling access via REST APIs and potentially administrative privile...
CVE-2012-0406
EMC Data Protection Advisor (DPA) 5.5–5.8 SP1 contains a NULL pointer dereference denial of service in DPA_Utilities.cProcessAuthenticationData, triggered by an AUTHENTICATECONNECTION command sent without a password or with an empty password. Exploitation can crash the daemon. The public disclosures (ESA-2012-018) indicate a S...
CVE-2012-0407
CVE-2012-0407: In EMC Data Protection Advisor (DPA) 5.5–5.8 SP1, an integer overflow can occur in the DPA_Utilities library when a negative 64-bit value is used in a particular size field, leading to a denial of service (infinite loop). The issue is separate from a NULL pointer dereference (CVE-...