cvelistv5 - cve-2016-8211

CVE-2016-8211 (GCVE-0-2016-8211)

Vulnerability from cvelistv5 – Published: 2017-02-03 07:24 – Updated: 2024-08-06 02:13

Summary

Severity ?

No CVSS data available.

CWE

Path Traversal Vulnerability

Assigner

dell

References

URL

Tags

	http://www.securityfocus.com/archive/1/540067/30/…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/95833	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1037729	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446	Affected: EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.920Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540067/30/0/threaded"
          },
          {
            "name": "95833",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95833"
          },
          {
            "name": "1037729",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037729"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446"
            }
          ]
        }
      ],
      "datePublic": "2017-02-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Path Traversal Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-10T21:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.securityfocus.com/archive/1/540067/30/0/threaded"
        },
        {
          "name": "95833",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95833"
        },
        {
          "name": "1037729",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037729"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2016-8211",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path Traversal Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/archive/1/540067/30/0/threaded",
              "refsource": "CONFIRM",
              "url": "http://www.securityfocus.com/archive/1/540067/30/0/threaded"
            },
            {
              "name": "95833",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95833"
            },
            {
              "name": "1037729",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037729"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2016-8211",
    "datePublished": "2017-02-03T07:24:00",
    "dateReserved": "2016-09-13T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_data_protection_advisor:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FE380D1-FAAD-456C-8B27-2FC319EBA9B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_data_protection_advisor:6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1941D69-2AFA-46AF-B5A6-DA54A704919A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_data_protection_advisor:6.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB940714-D9FD-4980-9F0C-430A36E4AEEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_data_protection_advisor:6.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB16268F-3AF2-40E1-B762-8735112B193A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_data_protection_advisor:6.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6BF7A92-9944-48FA-81A5-74853E38B678\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.\"}, {\"lang\": \"es\", \"value\": \"EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 anterior al parche 446 tiene una vulnerabilidad de salto de ruta que puede ser potencialmente explotada por usuarios malintencionados para comprometer el sistema afectado.\"}]",
      "id": "CVE-2016-8211",
      "lastModified": "2024-11-21T02:58:59.730",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-02-03T07:59:00.327",
      "references": "[{\"url\": \"http://www.securityfocus.com/archive/1/540067/30/0/threaded\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/95833\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037729\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/540067/30/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/95833\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037729\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8211\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2017-02-03T07:59:00.327\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.\"},{\"lang\":\"es\",\"value\":\"EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 anterior al parche 446 tiene una vulnerabilidad de salto de ruta que puede ser potencialmente explotada por usuarios malintencionados para comprometer el sistema afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_data_protection_advisor:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FE380D1-FAAD-456C-8B27-2FC319EBA9B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_data_protection_advisor:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1941D69-2AFA-46AF-B5A6-DA54A704919A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_data_protection_advisor:6.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB940714-D9FD-4980-9F0C-430A36E4AEEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_data_protection_advisor:6.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB16268F-3AF2-40E1-B762-8735112B193A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_data_protection_advisor:6.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6BF7A92-9944-48FA-81A5-74853E38B678\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/archive/1/540067/30/0/threaded\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/95833\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037729\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/540067/30/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/95833\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

GSD-2016-8211

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-8211

Aliases

CVE-2016-8211

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8211",
    "description": "EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.",
    "id": "GSD-2016-8211"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8211"
      ],
      "details": "EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.",
      "id": "GSD-2016-8211",
      "modified": "2023-12-13T01:21:22.102311Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2016-8211",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Path Traversal Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.securityfocus.com/archive/1/540067/30/0/threaded",
            "refsource": "CONFIRM",
            "url": "http://www.securityfocus.com/archive/1/540067/30/0/threaded"
          },
          {
            "name": "95833",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95833"
          },
          {
            "name": "1037729",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037729"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_data_protection_advisor:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2016-8211"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/archive/1/540067/30/0/threaded",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/540067/30/0/threaded"
            },
            {
              "name": "95833",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95833"
            },
            {
              "name": "1037729",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1037729"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-01-23T18:21Z",
      "publishedDate": "2017-02-03T07:59Z"
    }
  }
}

VAR-201702-0309

Vulnerability from variot - Updated: 2023-12-18 13:39

EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. Authentication is not required to exploit this vulnerability.The specific flaw exists within the ImageServlet servlet which listens on TCP ports 9002 and 9004. The issue lies in the failure to properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files under the context of SYSTEM. The solution enables the automation and centralization of all such data collection and analysis, obtaining a single comprehensive view of the data protection environment and activities, and more.

Link to remedies: Registered EMC Online Support customers can download the required patch from support.emc.com at https://support.emc.com/downloads/829_Data-Protection-Advisor

If you have any questions, contact DELL/EMC Support.

Credits: EMC would like to thank rgod working with Trend Micro's Zero Day Initiative for reporting this vulnerability.

Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.

For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.

EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2

iQEcBAEBCAAGBQJYiiHdAAoJEHbcu+fsE81ZK0MH/3ClnyYIsR4ztTld+TCIzWO1 ber0FmYs7iRUyiU6XPVxoOYvEQTTmZRwFzdKwXNQMwxwUc2TQoJy2Bqkf8OrMbB/ yA4sJkyCFD6pkX14Rp6RvOFYK+4MtkbLQkmyIyi4bpM19U33XIfojBH28zmFvQlG Tzj8wUkXP+/BLLz4c80Ffs9G4JbueBgCc24CVjVN8Ygh2ykAQLAyahfsw5nC3LZO qQdOo3yV6qn4OSHBqg6nLkFJXhvuUxl+OFm1C/Rl1xdIJ21tG54nKyxswQFr9M7+ MuvHCmooXSUNOtiznS/9cBRg5hKcB5Ug/OdWe3SzrP0D0sWekcsrGClUpES1EgI= =CMLs -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0309",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "emc data protection advisor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "6.1"
      },
      {
        "model": "emc data protection advisor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "6.2.3"
      },
      {
        "model": "emc data protection advisor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "6.2"
      },
      {
        "model": "emc data protection advisor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "6.2.1"
      },
      {
        "model": "emc data protection advisor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "6.2.2"
      },
      {
        "model": "data protection advisor",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "emc",
        "version": "6.2.3"
      },
      {
        "model": "data protection advisor",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "emc",
        "version": "6.2.2"
      },
      {
        "model": "data protection advisor",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "emc",
        "version": "6.2.1"
      },
      {
        "model": "data protection advisor",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "emc",
        "version": "6.1"
      },
      {
        "model": "data protection advisor",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "emc",
        "version": "6.2"
      },
      {
        "model": "data protection advisor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell emc old emc",
        "version": "6.2.1"
      },
      {
        "model": "data protection advisor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell emc old emc",
        "version": "6.1.x"
      },
      {
        "model": "data protection advisor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell emc old emc",
        "version": "6.2"
      },
      {
        "model": "data protection advisor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell emc old emc",
        "version": "6.2.2"
      },
      {
        "model": "data protection advisor",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell emc old emc",
        "version": "6.2.3"
      },
      {
        "model": "data protection advisor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell emc old emc",
        "version": "6.2.3 patch 446"
      },
      {
        "model": "data protection advisor",
        "scope": null,
        "trust": 0.7,
        "vendor": "emc",
        "version": null
      },
      {
        "model": "data protection advisor patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.2.3446"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-394"
      },
      {
        "db": "BID",
        "id": "95833"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-031"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_data_protection_advisor:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8211"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-394"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2016-8211",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-8211",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.5,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-97031",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-8211",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-8211",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2016-8211",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-031",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97031",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-394"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-031"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. Authentication is not required to exploit this vulnerability.The specific flaw exists within the ImageServlet servlet which listens on TCP ports 9002 and 9004. The issue lies in the failure to properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files under the context of SYSTEM. The solution enables the automation and centralization of all such data collection and analysis, obtaining a single comprehensive view of the data protection environment and activities, and more. \n\n\nLink to remedies:\nRegistered EMC Online Support customers can download the required patch from support.emc.com at https://support.emc.com/downloads/829_Data-Protection-Advisor\n\nIf you have any questions, contact DELL/EMC Support. \n\nCredits:\nEMC would like to thank rgod working with Trend Micro\u0027s Zero Day Initiative for reporting this vulnerability. \n\n\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. \n\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nEMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided \"as is\" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2\n\niQEcBAEBCAAGBQJYiiHdAAoJEHbcu+fsE81ZK0MH/3ClnyYIsR4ztTld+TCIzWO1\nber0FmYs7iRUyiU6XPVxoOYvEQTTmZRwFzdKwXNQMwxwUc2TQoJy2Bqkf8OrMbB/\nyA4sJkyCFD6pkX14Rp6RvOFYK+4MtkbLQkmyIyi4bpM19U33XIfojBH28zmFvQlG\nTzj8wUkXP+/BLLz4c80Ffs9G4JbueBgCc24CVjVN8Ygh2ykAQLAyahfsw5nC3LZO\nqQdOo3yV6qn4OSHBqg6nLkFJXhvuUxl+OFm1C/Rl1xdIJ21tG54nKyxswQFr9M7+\nMuvHCmooXSUNOtiznS/9cBRg5hKcB5Ug/OdWe3SzrP0D0sWekcsrGClUpES1EgI=\n=CMLs\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007968"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-394"
      },
      {
        "db": "BID",
        "id": "95833"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97031"
      },
      {
        "db": "PACKETSTORM",
        "id": "140788"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-97031",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97031"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8211",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "95833",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1037729",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007968",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3844",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-394",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-031",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "140788",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-97031",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-394"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97031"
      },
      {
        "db": "BID",
        "id": "95833"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007968"
      },
      {
        "db": "PACKETSTORM",
        "id": "140788"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-031"
      }
    ]
  },
  "id": "VAR-201702-0309",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97031"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:39:04.519000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "EMC Data Protection Advisor",
        "trust": 0.8,
        "url": "https://japan.emc.com/data-protection/data-protection-advisor.htm"
      },
      {
        "title": "EMC has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "http://seclists.org/bugtraq/2017/jan/att-87/esa-2016-133.txt"
      },
      {
        "title": "EMC Data Protection Advisor Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67419"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-394"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007968"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-031"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8211"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/archive/1/540067/30/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/95833"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1037729"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8211"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8211"
      },
      {
        "trust": 0.7,
        "url": "http://seclists.org/bugtraq/2017/jan/att-87/esa-2016-133.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.emc.com/"
      },
      {
        "trust": 0.1,
        "url": "https://support.emc.com/downloads/829_data-protection-advisor"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-394"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97031"
      },
      {
        "db": "BID",
        "id": "95833"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007968"
      },
      {
        "db": "PACKETSTORM",
        "id": "140788"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-031"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-17-394"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97031"
      },
      {
        "db": "BID",
        "id": "95833"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007968"
      },
      {
        "db": "PACKETSTORM",
        "id": "140788"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-031"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-12T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-394"
      },
      {
        "date": "2017-02-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97031"
      },
      {
        "date": "2017-01-25T00:00:00",
        "db": "BID",
        "id": "95833"
      },
      {
        "date": "2017-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007968"
      },
      {
        "date": "2017-01-28T10:21:11",
        "db": "PACKETSTORM",
        "id": "140788"
      },
      {
        "date": "2017-02-03T07:59:00.327000",
        "db": "NVD",
        "id": "CVE-2016-8211"
      },
      {
        "date": "2017-02-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-031"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-12T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-394"
      },
      {
        "date": "2020-01-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97031"
      },
      {
        "date": "2017-02-02T01:03:00",
        "db": "BID",
        "id": "95833"
      },
      {
        "date": "2017-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007968"
      },
      {
        "date": "2020-01-23T18:21:31.447000",
        "db": "NVD",
        "id": "CVE-2016-8211"
      },
      {
        "date": "2017-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-031"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-031"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "EMC Data Protection Advisor Path traversal vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007968"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-031"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-031"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2017-01153

Vulnerability from cnvd - Published: 2017-02-09

Title

EMC Data Protection Advisor目录遍历漏洞

Description

EMC Data Protection Advisor是一款统一的数据保护管理解决方案。 EMC Data Protection Advisor存在目录遍历漏洞，允许远程攻击者利用漏洞提交特殊的请求查看系统文件内容。

Severity

中

Patch Name

EMC Data Protection Advisor目录遍历漏洞的补丁

Patch Description

EMC Data Protection Advisor是一款统一的数据保护管理解决方案。 EMC Data Protection Advisor存在目录遍历漏洞，允许远程攻击者利用漏洞提交特殊的请求查看系统文件内容。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://www.emc.com

Reference

http://www.securityfocus.com/archive/1/540067/30/0/threaded http://www.securityfocus.com/bid/95833

Impacted products

Name
['EMC Data Protection Advisor 6.2.3', 'EMC Data Protection Advisor 6.2.2', 'EMC Data Protection Advisor 6.2.1', 'EMC Data Protection Advisor 6.1', 'EMC Data Protection Advisor 6.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95833"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8211"
    }
  },
  "description": "EMC Data Protection Advisor\u662f\u4e00\u6b3e\u7edf\u4e00\u7684\u6570\u636e\u4fdd\u62a4\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nEMC Data Protection Advisor\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\u67e5\u770b\u7cfb\u7edf\u6587\u4ef6\u5185\u5bb9\u3002",
  "discovererName": "rgod working with Trend Micro\u0027s Zero Day.",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.emc.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01153",
  "openTime": "2017-02-09",
  "patchDescription": "EMC Data Protection Advisor\u662f\u4e00\u6b3e\u7edf\u4e00\u7684\u6570\u636e\u4fdd\u62a4\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nEMC Data Protection Advisor\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\u67e5\u770b\u7cfb\u7edf\u6587\u4ef6\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC Data Protection Advisor\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "EMC Data Protection Advisor 6.2.3",
      "EMC Data Protection Advisor 6.2.2",
      "EMC Data Protection Advisor 6.2.1",
      "EMC Data Protection Advisor 6.1",
      "EMC Data Protection Advisor 6.2"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/archive/1/540067/30/0/threaded\r\nhttp://www.securityfocus.com/bid/95833",
  "serverity": "\u4e2d",
  "submitTime": "2017-02-06",
  "title": "EMC Data Protection Advisor\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}

GHSA-97HR-W4X9-QRWP

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-03T07:59:00Z",
    "severity": "HIGH"
  },
  "details": "EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.",
  "id": "GHSA-97hr-w4x9-qrwp",
  "modified": "2022-05-13T01:28:45Z",
  "published": "2022-05-13T01:28:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8211"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/540067/30/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95833"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037729"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-8211

Vulnerability from fkie_nvd - Published: 2017-02-03 07:59 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security_alert@emc.com	http://www.securityfocus.com/archive/1/540067/30/0/threaded	Mailing List, Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securityfocus.com/bid/95833	Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securitytracker.com/id/1037729	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/540067/30/0/threaded	Mailing List, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95833	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037729	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
dell	emc_data_protection_advisor	6.1
dell	emc_data_protection_advisor	6.2
dell	emc_data_protection_advisor	6.2.1
dell	emc_data_protection_advisor	6.2.2
dell	emc_data_protection_advisor	6.2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:emc_data_protection_advisor:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE380D1-FAAD-456C-8B27-2FC319EBA9B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1941D69-2AFA-46AF-B5A6-DA54A704919A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB940714-D9FD-4980-9F0C-430A36E4AEEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16268F-3AF2-40E1-B762-8735112B193A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6BF7A92-9944-48FA-81A5-74853E38B678",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system."
    },
    {
      "lang": "es",
      "value": "EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 anterior al parche 446 tiene una vulnerabilidad de salto de ruta que puede ser potencialmente explotada por usuarios malintencionados para comprometer el sistema afectado."
    }
  ],
  "id": "CVE-2016-8211",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-03T07:59:00.327",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/540067/30/0/threaded"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95833"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/540067/30/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037729"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-8211 (GCVE-0-2016-8211)

GSD-2016-8211

VAR-201702-0309

CNVD-2017-01153

GHSA-97HR-W4X9-QRWP

FKIE_CVE-2016-8211

Tags

Sightings

Nomenclature