CVE-2017-10949
N/A
N/A
Summary
Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Zero Day Initiative | Dell Storage Manager | 2016 R2.1 | affected |
Weaknesses
- Directory Traversal
ADP Enrichment
CVE Program Container
Additional References
- http://topics-cdn.dell.com/pdf/dell-compellent-sc8000_release%20notes24_en-us.pdf
- http://www.zerodayinitiative.com/advisories/ZDI-17-523
- http://www.securityfocus.com/bid/100138
References
- http://topics-cdn.dell.com/pdf/dell-compellent-sc8000_release%20notes24_en-us.pdf
- http://www.zerodayinitiative.com/advisories/ZDI-17-523
- http://www.securityfocus.com/bid/100138
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.