Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiRgodZDI-17-394
HistoryJun 12, 2017 - 12:00 a.m.

EMC Data Protection Advisor ImageServlet Directory Traversal Information Disclosure Vulnerability

2017-06-1200:00:00
rgod
www.zerodayinitiative.com
14

EPSS

0.004

Percentile

74.0%

JSON

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ImageServlet servlet which listens on TCP ports 9002 and 9004. The issue lies in the failure to properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files under the context of SYSTEM.

Related

openvas 1
cvelist 1
nvd 1
prion 1
cve 1
openvas
openvas
EMC Data Protection Advisor Directory Traversal Vulnerability (Jan 2017)
2017-01-30 00:00:00
cvelist
cvelist
CVE-2016-8211
2017-02-03 07:24:00
nvd
nvd
CVE-2016-8211
2017-02-03 07:59:00
prion
prion
Path traversal
2017-02-03 07:59:00
cve
cve
CVE-2016-8211
2017-02-03 07:59:00

EPSS

0.004

Percentile

74.0%

JSON
Related for ZDI-17-394
openvas1cvelist1nvd1prion1cve1