CVE-2017-10949

Published: Aug 4, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.

Affected (1)

Products: Dell: Storage Manager 2016

Dell

1 product

Storage Manager 2016

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Storage Manager 2016	Version r2.1

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (6)

http://topics-cdn.dell.com/pdf/dell-compellent-sc8000_release%20notes24_en-us.pdf

Source: zdi-disclosures@trendmicro.com

Release NotesVendor Advisory

http://www.securityfocus.com/bid/100138

Source: zdi-disclosures@trendmicro.com

Third Party AdvisoryVDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-17-523

Source: zdi-disclosures@trendmicro.com

Third Party AdvisoryVDB Entry

http://topics-cdn.dell.com/pdf/dell-compellent-sc8000_release%20notes24_en-us.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://www.securityfocus.com/bid/100138

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-17-523

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.