-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ESA-2017-075: EMC Data Protection Advisor Multiple Vulnerabilities EMC Identifier ESA-2017-075 CVE Identifier CVE-2017-8002, CVE-2017-8003 Severity: Medium Severity Rating: CVSS Base Score View details below for individual CVSS Score for each CVE Affected products: EMC Data Protection Advisor versions prior to 6.4 Summary: A software update to EMC Data Protection Advisor contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. Details Multiple Blind SQL Injection Vulnerabilities (CVE-2017-8002) EMC Data Protection Advisor contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands. CVSSv3.0 Base Score 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) Path Traversal Vulnerability (CVE-2017-8003) EMC Data Protection Advisor contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application. CVSSv3.0 Base Score: 6.8 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N) Resolution: The following EMC Data Protection Advisor release contains resolutions to these vulnerabilities: EMC Data Protection Advisor version 6.4 EMC recommends all customers upgrade at the earliest opportunity. Link To Remedies: Registered EMC Online Support customers can download the required patch from support.emc.com at https://support.emc.com/downloads/829_Data-Protection-Advisor If you have any questions, contact DELL EMC Support. Credits: DELL EMC would like to thank rgod working with Trend Micro's Zero Day Initiative for reporting these vulnerabilities. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJZXkz+AAoJEHbcu+fsE81ZvNEH/0YKEHJ4qAoXc9ZrZOMvDbqE Di79jtHeikuinWA+E6lyUd+0dblVwEdScEf4NHTBRtLLXxj53LAkey1CUt3hpNoG oUWghsLKw/YUeXvjn2EDmv85OPKsxGOWNw0HedAt5MqSuJhkOroHTK13FwR+y9sE XeClCnX86n89e6V0Ac4/ivBmBUUvSDcy5DBkrHBYIbArSjnYzeBFTiKN7YFQjIZz LJ2nKiUNOeIgI/ziBz4zXoEJXSvP4g5vtwW3Za6NrFZLkIw5KTgLJdRRumh+fJ1N bU3pa1b/DtxoIvsvUXZ+CBhtt1mEbkO9OyleJtJeIrGDf3E1D1L4lO+l8qWResw= =D6YP -----END PGP SIGNATURE----- # Iranian Exploit DataBase = http://IeDb.Ir [2017-07-07]