CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-8013

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1310%
EPSS Percentile9.95th
Published2018年3月16日
Last Modified2024年11月21日

Vulnerability Description

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).

Affected Platforms (CPE)

📦
Emc

Data Protection Advisor

= 6.3.0
📦
Emc

Data Protection Advisor

= 6.4.0

References & Advisories

🔗 http://seclists.org/fulldisclosure/2017/Sep/36
🔗 http://www.securityfocus.com/bid/100846
🔗 http://www.securitytracker.com/id/1039370
🔗 http://seclists.org/fulldisclosure/2017/Sep/36
🔗 http://www.securityfocus.com/bid/100846
🔗 http://www.securitytracker.com/id/1039370

相關漏洞威脅

CVE-2020-53528.8

Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious...

CVE-2017-109558.8

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6....

CVE-2017-80028.8

EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker ma...

CVE-2018-110488.1

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2....