CRITICAL🇬🇧 English

CVE-2017-8013

CVSS 9.8v3.0pub. 2018-03-16upd. 2024-11-21

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Emc Data Protection Advisor

    APP
    Emc
    6.3.06.4.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-1206HIGH7.8ten sam produkt

Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions...

CVE-2017-10955HIGH8.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data P...

CVE-2017-8002HIGH8.8ten sam produkt

EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authe...

CVE-2012-0406HIGH7.8ten sam produkt

The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1...

CVE-2017-8003MEDIUM4.9ten sam produkt

EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high ...

CVE-2017-8013 — CRITICAL 9.8 | CVEbaza.pl