CVE-2017-8011

EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.
References
Link Resource
http://seclists.org/fulldisclosure/2017/Jul/21 Mailing List Third Party Advisory
http://www.securitytracker.com/id/1038905 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/99555 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:emc_m\&r:-:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_storage_monitoring_and_reporting:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_vipr_srm:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_vnx_monitoring_and_reporting:-:*:*:*:*:*:*:*

Information

Published : 2017-07-17 07:29

Updated : 2021-09-13 05:06


NVD link : CVE-2017-8011

Mitre link : CVE-2017-8011


JSON object : View

CWE
CWE-798

Use of Hard-coded Credentials

Advertisement

dedicated server usa

Products Affected

dell

  • emc_storage_monitoring_and_reporting
  • emc_vipr_srm
  • emc_m\&r
  • emc_vnx_monitoring_and_reporting