Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1215

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability.

Published

2018-03-08T15:29:00.563

Last Modified

2024-11-21T03:59:24.370

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-434
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application dell emc_solutions_enabler_virtual_appliance < 8.4.0.21 Yes
Application dell emc_unisphere_for_vmax_virtual_appliance < 8.4.0.18 Yes
Application dell emc_vasa_virtual_appliance < 8.4.0.514 Yes
Application dell emc_vmax_embedded_management ≤ 1.4 Yes
References