CVE-2018-1235

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.
References
Link Resource
http://seclists.org/fulldisclosure/2018/May/61 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/104246 Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/44920/ Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:emc:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*
cpe:2.3:a:emc:recoverpoint:*:*:*:*:*:*:*:*

Information

Published : 2018-05-29 10:29

Updated : 2019-10-02 17:03


NVD link : CVE-2018-1235

Mitre link : CVE-2018-1235


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

emc

  • recoverpoint
  • recoverpoint_for_virtual_machines