CVE-2017-8017

Published: Oct 11, 2017Modified: May 13, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Affected (4)

Products: Emc: Smarts Network Configuration Manager

1 product

Smarts Network Configuration Manager

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Emc Smarts Network Configuration Manager	Version 9.3
Emc Smarts Network Configuration Manager	Version 9.4.1
Emc Smarts Network Configuration Manager	Version 9.4.2
Emc Smarts Network Configuration Manager	Version 9.4

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://seclists.org/fulldisclosure/2017/Oct/11

Source: security_alert@emc.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/101194

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039517

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Oct/11

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/101194

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039517

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.