CyberSec.Space Logo
Back to CVE Browser

CVE-2017-8013

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1310%
EPSS Percentile9.95th
PublishedMar 16, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).

Affected Platforms (CPE)

πŸ“¦
Emc

Data Protection Advisor

= 6.3.0
πŸ“¦
Emc

Data Protection Advisor

= 6.4.0

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2017/Sep/36
πŸ”— http://www.securityfocus.com/bid/100846
πŸ”— http://www.securitytracker.com/id/1039370
πŸ”— http://seclists.org/fulldisclosure/2017/Sep/36
πŸ”— http://www.securityfocus.com/bid/100846
πŸ”— http://www.securitytracker.com/id/1039370

Related Vulnerabilities

CVE-2020-53528.8

Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious...

CVE-2017-109558.8

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6....

CVE-2017-80028.8

EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker ma...

CVE-2018-110488.1

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2....