← Back

CVE-2016-9870

nvd nist
Published: Jan 23, 2017Modified: May 13, 2026

JSON object

Loading...
6.7
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.

Affected (26)

Products: Emc: Isilon Onefs
Emc
1 product
Isilon Onefs
Configuration A
26 vulnerable
Vulnerable SoftwareAffected Versions
Emc
Isilon Onefs
Version 7.1.0.0
Isilon Onefs
Version 7.1.0.1
Isilon Onefs
Version 7.1.0.2
Isilon Onefs
Version 7.1.0.3
Isilon Onefs
Version 7.1.0.4
Isilon Onefs
Version 7.1.0.5
Isilon Onefs
Version 7.1.0.6
Isilon Onefs
Version 7.1.1.0
Isilon Onefs
Version 7.1.1.1
Isilon Onefs
Version 7.1.1.2
Isilon Onefs
Version 7.1.1.3
Isilon Onefs
Version 7.1.1.4
Isilon Onefs
Version 7.1.1.5
Isilon Onefs
Version 7.1.1.6
Isilon Onefs
Version 7.1.1.7
Isilon Onefs
Version 7.1.1.8
Isilon Onefs
Version 7.2.0.0
Isilon Onefs
Version 7.2.0.1
Isilon Onefs
Version 7.2.0.2
Isilon Onefs
Version 7.2.0.3
Isilon Onefs
Version 7.2.0.4
Isilon Onefs
Version 7.2.0.5
Isilon Onefs
Version 7.2.1.0
Isilon Onefs
Version 7.2.1.1
Isilon Onefs
Version 7.2.1.2
Isilon Onefs
Version 8.0.0.0

Related CWEs

CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

References (4)

Source: security_alert@emc.com
MitigationThird Party AdvisoryVDB Entry
Source: security_alert@emc.com
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.