CVE-2017-8002 – EMC Data Protection Advisor RequestHistoryResource orderby SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-8002
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands. Data Protection Advisor anterior a versión 6.4 de EMC, contiene múltiples vulnerabilidades de inyección SQL ciega. Un atacante autenticado remoto puede potencialmente explotar estas vulnerabilidades para conseguir información sobre la aplicación causando la ejecución de comandos SQL arbitrarios. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. • http://seclists.org/fulldisclosure/2017/Jul/12 http://www.securityfocus.com/bid/99487 http://www.securitytracker.com/id/1038841 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-8003 – EMC Data Protection Advisor ScheduledReportResource Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-8003
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application. Data Protection Advisor de EMC anterior a versión 6.4, contiene una vulnerabilidad de salto de directorio. Un usuario autenticado remoto con privilegios elevados puede potencialmente explotar esta vulnerabilidad para acceder a información no autorizada desde el servidor del sistema operativo subyacente mediante la proporción de cadenas especialmente creadas en los parámetros de entrada de la aplicación. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. • http://seclists.org/fulldisclosure/2017/Jul/12 http://www.securityfocus.com/bid/99487 http://www.securitytracker.com/id/1038841 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2011-1742
https://notcve.org/view.php?id=CVE-2011-1742
EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file. EMC Data Protection Advisor anterior a v5.8.1 coloca credenciales de cuentas en texto claro en el fichero de configuración DPA en circunstancias no especificadas, lo que permite a usuarios locales obtener información sensible leyendo este fichero. • http://securityreason.com/securityalert/8318 http://www.securityfocus.com/archive/1/519012/100/0/threaded • CWE-255: Credentials Management Errors •