Main Vulnerability Database SB2017071406

SB2017071406 - Security restrictions bypass in EMC ViPR SRM

Published: July 14, 2017

Security Bulletin ID SB2017071406

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2017-8011)

The vulnerability allows a remote attacker to gain access to the target system.

The weakness exist due to use of undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker can gain access to the system to run arbitrary web service and remote procedure calls.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

http://seclists.org/fulldisclosure/2017/Jul/21