Vulnerability Name:

CVE-2012-4616 (CCN-80810)

Assigned:2012-12-26
Published:2012-12-26
Updated:2012-12-27
Summary:Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-22
Vulnerability Consequences:Gain Access
References:Source: BUGTRAQ
Type: UNKNOWN
20121220 ESA-2012-060: EMC Data Protection Advisor Information Disclosure Vulnerability.

Source: CCN
Type: ESA-2012-060
EMC Data Protection Advisor Information Disclosure Vulnerability

Source: MITRE
Type: CNA
CVE-2012-4616

Source: CCN
Type: SA51672
EMC Data Protection Advisor Web UI Directory Traversal Vulnerability

Source: CCN
Type: BID-57046
EMC Data Protection Advisor CVE-2012-4616 Directory Traversal Vulnerability

Source: XF
Type: UNKNOWN
data-protection-webui-dir-traversal(80810)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:emc:data_protection_advisor:5.6:*:*:*:*:*:*:*
  • OR cpe:/a:emc:data_protection_advisor:5.6:sp1:*:*:*:*:*:*
  • OR cpe:/a:emc:data_protection_advisor:5.7:*:*:*:*:*:*:*
  • OR cpe:/a:emc:data_protection_advisor:5.7:sp1:*:*:*:*:*:*
  • OR cpe:/a:emc:data_protection_advisor:5.8:*:*:*:*:*:*:*
  • OR cpe:/a:emc:data_protection_advisor:5.8:sp1:*:*:*:*:*:*
  • OR cpe:/a:emc:data_protection_advisor:5.8:sp4:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:emc:data_protection_advisor:5.8:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    emc data protection advisor 5.6
    emc data protection advisor 5.6 sp1
    emc data protection advisor 5.7
    emc data protection advisor 5.7 sp1
    emc data protection advisor 5.8
    emc data protection advisor 5.8 sp1
    emc data protection advisor 5.8 sp4
    emc data protection advisor 5.8