Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Dell Storage Manager
- Search Type: Search All
- Match: Exact
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-14384 |
In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability. Published: March 16, 2018; 4:29:00 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-14374 |
The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance). Published: December 05, 2017; 7:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-10949 |
Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459. Published: August 04, 2017; 11:29:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |