CVE-2016-0889

Published: Apr 15, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.

Affected (1)

Products: Dell: Emc Unisphere

Dell

1 product

Emc Unisphere

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Unisphere	Up to 8.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://seclists.org/bugtraq/2016/Apr/83

Source: security_alert@emc.com

Vendor Advisory

http://www.securitytracker.com/id/1035580

Source: security_alert@emc.com

http://seclists.org/bugtraq/2016/Apr/83

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1035580

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.