Lucene search
RgodZDI-17-711HistoryAug 25, 2017 - 12:00 a.m.
EMC Data Protection Advisor ScheduledReportResource Directory Traversal Information Disclosure Vulnerability
2017-08-2500:00:00
rgod
www.zerodayinitiative.com
12
0.003 Low
EPSS
Percentile
70.2%
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose any files accessible to the SYSTEM user.
References
Related
cvelist
cvelist
CVE-2017-8003
2017-07-09 20:00:00
cve
cve
CVE-2017-8003
2017-07-09 20:29:00
prion
prion
Path traversal
2017-07-09 20:29:00
nvd
nvd
CVE-2017-8003
2017-07-09 20:29:00
openvas
openvas
EMC Data Protection Advisor Multiple Vulnerabilities (Jul 2017)
2017-07-11 00:00:00
zdt
zdt
EMC Data Protection Advisor SQL Injection / Path Traversal Vulnerabilities
2017-07-08 00:00:00
nessus
nessus
EMC Data Protection Advisor < 6.4 Multiple Vulnerabilities
2017-07-13 00:00:00