漏洞标题
N/A
漏洞描述信息
在vApp Manager中发现了任意文件上传漏洞,该漏洞被嵌入在Dell EMC Unisphere中用于VMAX、Dell EMC Solutions Enabler、Dell EMC VASA Virtual Appliances和Dell EMC VMAX Embedded Management(eManagement):8.4.0.18之前的VMAX虚拟Appliance版本、8.4.0.21之前的Dell EMC Solutions Enabler虚拟Appliance版本、8.4.0.514之前的Dell EMC VASA Virtual Appliance版本以及8.4.0.1.4之前的Dell EMC VMAX Embedded Management(eManagement)版本( Enginuity Release 5977.1125.1125和更早)。远程授权恶意用户可能可以在服务器上的任何位置上传恶意构造的任意文件。通过将这个漏洞与CVE-2018-1216连接起来,攻击者可以使用默认账户利用此漏洞。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
多款Dell产品安全漏洞
漏洞描述信息
Dell EMC Unisphere for VMAX Virtual Appliance等都是美国戴尔(Dell)公司的产品。Dell EMC Unisphere for VMAX Virtual Appliance(vApp)是一款针对VMAX存储阵列的管理工具。EMC Solutions Enabler Virtual Appliance是一款解决方案应用虚拟设备。 多款Dell产品中存在任意文件上传漏洞。远程攻击者可借助默认账户利用该漏洞向任意位置上传恶意制作的文件。以下产品和版本受到影响:Del
CVSS信息
N/A
漏洞类别
授权问题